Overview

overview

3

Static

static

3

rBot 0.2-M...SG.exe

windows7-x64

3

rBot 0.2-M...SG.exe

windows10-2004-x64

3

rBot 0.2-M...ot.vbs

windows7-x64

1

rBot 0.2-M...ot.vbs

windows10-2004-x64

1

rBot 0.2-M...Bot.js

windows7-x64

1

rBot 0.2-M...Bot.js

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    rBot_0.2-MODE-by-akusot.v1.5.rar

  • Size

    1.1MB

  • MD5

    839e1825a9580a03032de1bbf46b6059

  • SHA1

    65547c27fcd583a1385a0e82355e10b56f423b76

  • SHA256

    6eb717c06478d25eede11350777cb0b6baaf247bdd5339b0fc40c2f612ea86df

  • SHA512

    a893eb40b103e2c95159ed0cc1c85daf5127514efc7eddc3f08b65f45afc5152729d3e1645c270f30d5fc5271bd614a4d1ee9d34fa6d6f1cc45951eca0b1fd57

  • SSDEEP

    24576:Gu8MW4xi1+pvVSJB9DlZDPZXyd4awDiy7r2ZqRioeBYjBTkPO829Y1WCSlXT5mn:Gp14x3V6jrC4akiy7r2Zq4NYjJkV11Wg

Score
3/10

Malware Config

Signatures

  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • rBot_0.2-MODE-by-akusot.v1.5.rar
    .rar

    Password: infected

  • rBot 0.2-MODE-by-akusot.v1.5/Packer/FSG.EXE
    .exe windows x86

    Password: infected


    Headers

    Sections

  • rBot 0.2-MODE-by-akusot.v1.5/Release/rBot.obj
  • rBot 0.2-MODE-by-akusot.v1.5/Release/rBot.pch
  • rBot 0.2-MODE-by-akusot.v1.5/Release/vc60.idb
  • rBot 0.2-MODE-by-akusot.v1.5/crc32.c
  • rBot 0.2-MODE-by-akusot.v1.5/crc32.h
  • rBot 0.2-MODE-by-akusot.v1.5/ntpass.cpp
  • rBot 0.2-MODE-by-akusot.v1.5/rBot.cpp
    .vbs
  • rBot 0.2-MODE-by-akusot.v1.5/rBot.dsp
  • rBot 0.2-MODE-by-akusot.v1.5/rBot.dsw
  • rBot 0.2-MODE-by-akusot.v1.5/rBot.ncb
  • rBot 0.2-MODE-by-akusot.v1.5/rBot.opt
    .js
  • rBot 0.2-MODE-by-akusot.v1.5/readme.txt
  • rBot 0.2-MODE-by-akusot.v1.5/tcpip.h