General

  • Target

    harvecter_bot.rar

  • Size

    1.1MB

  • MD5

    2ba073919798b49fda385298fe64d935

  • SHA1

    be588ee6a8e3806f33c2e7bacebb2a3e0548d12b

  • SHA256

    4f734bb6532de1297279439f9e1b2e97b02716c574e0366189270342c0dae39d

  • SHA512

    2663bed217ffc4464bbfb8ce11b70f6d56ddfcfca9281995e82085f9a842ddcb3bdb9cbedbf1dc8f3c067398b15efdf2486d67d588a15694778f1f0108b02fb7

  • SSDEEP

    24576:gQcj1Qigc29AnF7LY0yIoqx+EeKxewzmbp0wHhYkIKUQome/wC3ObYz:jiQiz22FHmIonKxewSbfPUQomNaz

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • harvecter_bot.rar
    .rar

    Password: infected

  • HarveCter_0.8_basics_manual.jpg
  • botnet.pdf
    .pdf

    Password: infected

  • harvecter.c
  • harvecter.c.pdf
    .pdf

    Password: infected

    • http://irc.2600.net

  • http_server.pdf
    .pdf

    Password: infected

  • ircbot.exe.warning
    .exe windows x86

    Password: infected

    17023dd9f9817f396d4407c218212d77

