General

  • Target

    shellbotFTP.rar

  • Size

    509KB

  • MD5

    1d5a6cd11731d12dbf980f00924c3e5d

  • SHA1

    63ae183a67ee51ca59a136d6909aef19c64903f3

  • SHA256

    5025bb2799245d2404001406d6a4abb6df9fcfdc645c394bd140287103489be2

  • SHA512

    3747fa8840ced52d778e212370e20cedd048925c3e096b85153f9e313c717e60392d6964562f8b50588b311c90c71046f269bbdfd6f19dc86733730c537189af

  • SSDEEP

    12288:8sSXHu63xPEX2/+8XtVYw9lSd1pThBJQt:HSXO6BTP9yHtBJQt

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file (1 IoC)

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE (2 IoCs)

    Checks for missing Authenticode signature.

Files

  • shellbotFTP.rar
    .rar

    Password: infected

  • shellbotFTP/CThread.cpp
    .js
  • shellbotFTP/CThread.h
  • shellbotFTP/Crc32Static.cpp
    .js
  • shellbotFTP/Crc32Static.h
  • shellbotFTP/HellMail.cpp
  • shellbotFTP/HellMail.h
  • shellbotFTP/Main.cpp
  • shellbotFTP/Main.h
  • shellbotFTP/Pcap.cpp
  • shellbotFTP/Pcap.h
  • shellbotFTP/RMed/CHttpd.cpp
  • shellbotFTP/RMed/CHttpd.h
  • shellbotFTP/RMed/CJupe.cpp
    .js
  • shellbotFTP/RMed/CJupe.h
  • shellbotFTP/RMed/lsass_http.cpp
  • shellbotFTP/RMed/vAdvscan.cpp
  • shellbotFTP/RMed/vAdvscan.h
  • shellbotFTP/Random.h
  • shellbotFTP/Service.cpp
  • shellbotFTP/asn_ftp.cpp
  • shellbotFTP/asn_ftp.h
  • shellbotFTP/color.h
  • shellbotFTP/commands.txt
  • shellbotFTP/comment.txt
  • shellbotFTP/dsconfig_ftp.cpp
  • shellbotFTP/lsass_ftp.cpp
  • shellbotFTP/lsass_ftp.h
  • shellbotFTP/mail/lib.c
  • shellbotFTP/mail/lib.h
  • shellbotFTP/mail/massmail.c
  • shellbotFTP/mail/massmail.h
  • shellbotFTP/mail/msg.c
  • shellbotFTP/mail/msg.h
  • shellbotFTP/mail/scan.c
  • shellbotFTP/mail/scan.h
  • shellbotFTP/mail/utility.h
  • shellbotFTP/mail/xdns.c
  • shellbotFTP/mail/xdns.h
  • shellbotFTP/mail/xsmtp.c
  • shellbotFTP/mail/xsmtp.h
  • shellbotFTP/mail/zipstore.c
  • shellbotFTP/mail/zipstore.h
  • shellbotFTP/msmq_ftp.cpp
  • shellbotFTP/pnp_ftp.cpp
  • shellbotFTP/pnp_ftp.h
  • shellbotFTP/rarpacker.cpp
  • shellbotFTP/rarpacker.h
  • shellbotFTP/resetfix.cpp
  • shellbotFTP/tracealloc.cpp
  • shellbotFTP/vCmdList.h
  • shellbotFTP/vCommands.cpp
  • shellbotFTP/vCommands.h
  • shellbotFTP/vConfig.cpp
  • shellbotFTP/vConnect.cpp
    .js
  • shellbotFTP/vConnect.h
  • shellbotFTP/vDLL.cpp
  • shellbotFTP/vDownload.cpp
  • shellbotFTP/vDownload.h
  • shellbotFTP/vExterns.h
  • shellbotFTP/vFPHost.cpp
  • shellbotFTP/vFPHost.h
  • shellbotFTP/vInclude.h
  • shellbotFTP/vKeepAlive.cpp
  • shellbotFTP/vKeepAlive.h
  • shellbotFTP/vMisc.cpp
  • shellbotFTP/vMisc.h
  • shellbotFTP/vPOEb.cpp
  • shellbotFTP/vPOEb.dsp
  • shellbotFTP/vPOEb.dsw
  • shellbotFTP/vPOEb.h
  • shellbotFTP/vPOEb.ncb
  • shellbotFTP/vPOEb.opt
  • shellbotFTP/vPOEb.plg
    .html
  • shellbotFTP/vPOEb.sln
  • shellbotFTP/vPOEb.suo
  • shellbotFTP/vPOEb.vcproj
    .xml
  • shellbotFTP/vScanner.cpp
  • shellbotFTP/vScanner.h
  • shellbotFTP/vShellcode.cpp
  • shellbotFTP/vShellcode.h
  • shellbotFTP/wabmail.cpp
  • shellbotFTP/wabmail.h
  • shellbotFTP/wks_ftp.cpp
  • shellbotFTP/wks_ftp.h
  • shellbotFTP/xorgen/mew11.exe
    .exe windows x86



  • shellbotFTP/xorgen/xorgen.exe
    .exe windows x86

    Password: infected

