88d766e1d4cbb025175bec2ab8f960d52cf104bfac481da64f536bb7401842c0

General

Target

FuckBot.exe
Size

8.7MB
MD5

e934eb2bc8d75b3a635a69b7c3063a2c
SHA1

3e1077207b6f65f6f8ea65f1b00a2ac8022e2d22
SHA256

88d766e1d4cbb025175bec2ab8f960d52cf104bfac481da64f536bb7401842c0
SHA512

99115358cc9567de2a201b60ad9e7a5d9708ccc2b3a60d0c0a542ac87bad1fb1ef149b5675a92501e0475346664776750c9ca6a43dacd63b4e8bc2a64fbb141b
SSDEEP

196608:rgcnBJnK4TnsxHUmjqocHNz/o3l7jzMqtX3QzlbsD1o:rgcLn/Tsh4//MlttX3Qzj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1436	2892	FuckBot.exe	70
PID 2892 wrote to memory of 1436	2892	FuckBot.exe	70
PID 2892 wrote to memory of 1436	2892	FuckBot.exe	70
PID 1436 wrote to memory of 2592	1436	cmd.exe	73
PID 1436 wrote to memory of 2592	1436	cmd.exe	73
PID 1436 wrote to memory of 1752	1436	cmd.exe	74
PID 1436 wrote to memory of 1752	1436	cmd.exe	74
PID 1436 wrote to memory of 3808	1436	cmd.exe	76
PID 1436 wrote to memory of 3808	1436	cmd.exe	76

C:\Users\Admin\AppData\Local\Temp\FuckBot.exe
"C:\Users\Admin\AppData\Local\Temp\FuckBot.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\temp\launch.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1436
- - C:\ProgramData\Oracle\Java\javapath\java.exe
    java -server -Xmx2G -XX:+UseConcMarkSweepGC -XX:MaxGCPauseMillis=50 -Dfile.encoding=UTF-8 -jar FuckBot.jar --nojline
    3⤵
    PID:2592
- - C:\ProgramData\Oracle\Java\javapath\java.exe
    java -server -Xmx2G -XX:+UseConcMarkSweepGC -XX:MaxGCPauseMillis=50 -Dfile.encoding=UTF-8 -jar FuckBot.jar --nojline
    3⤵
    PID:1752
- - C:\ProgramData\Oracle\Java\javapath\java.exe
    java -server -Xmx2G -XX:+UseConcMarkSweepGC -XX:MaxGCPauseMillis=50 -Dfile.encoding=UTF-8 -jar FuckBot.jar --nojline
    3⤵
    PID:3808

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
913b6189499193deaeda6c08b6498978

SHA1
e1b8a38d899ac5cf3532957367741bf6a103c7e1

SHA256
e050225a1a3fc13889b29701b1c20fbe872bd020deb470455f274d9a5f3f1d4c

SHA512
238bc3290d1442f82d9a63e31790665c5955763ddfc431fe7fea33ae18ad742ac521da43e71d1c389c75830525b0632233973286e5bca21e279a8da01f982a42

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
518e76cc9afff695a43ba57081a8ef70

SHA1
f1de347be3de309b3ff034afc2afa8b14c256b6f

SHA256
a2ae53263c7418703c278db7992093d2d6a513c0e7e3ab326c3d4e8bac54f8b0

SHA512
fb1f1d5b165bc804ba198ce4ca6f1022fd4f302294402bd44d778e502dcd3b293b1fe5ca7c0110a3d3b0b1ac65fac9d8638bcdf27b969a4a8f5b759e903d9d8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp\FuckBot.jar

Filesize
51KB

MD5
e6a8431184459fe853894613e41db1b8

SHA1
7a4e63fbfb0701b03d9652e1ceb8167c4fc65158

SHA256
ffb604ae3a6d73d790c5baf478e50612e9b0c4800cec17f3680dfbcca86024f7

SHA512
3426a8387efdf10c343648aadfe9f84c3a7ba5a6b5c42a91cdd182b90fda7f7d5f30a8b16f54b77a66e3e9b8841efa17f3e411249eda6b112e4c66e587ed50d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp\Launch.bat

Filesize
183B

MD5
a04b72213c45b0741459243c4d40241a

SHA1
92a407f96335013d1afcafb82df4b7efc91c5543

SHA256
f8c677e1471ea9685b1c111a1ef6e31951ab00027c46bf71b72d4ccc3bb980fe

SHA512
484bb7b117b1810247a2e5da5264a34a01ce9346fc97aff420ae4835463061a0e342c6d49cf4d48b2ab9dd8e2af784b0d9e785e571dcd5bdc891e24e2d0566cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp\Library.jar

Filesize
9.5MB

MD5
a515de5f35b3cdb408d03ea994e3bacb

SHA1
785abb5e27a2411ca202efcae9a277d12b5b5fde

SHA256
7809eb17a621ac892be364148e2c511887387abcab3bca69090a9b0686678a35

SHA512
1e88b49f399f0dd774061edc2cb043fc7d01c7e760d31eb6024a16002886b916d8d38580ee063fbcb4851bd63b9a778ce1983e9f888735e6822cd91ad8d366c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\temp\Settings.yml

Filesize
1KB

MD5
c37d28d43144c17bdeea1a0c26dccb9b

SHA1
aaf0c084e0e019efcad2da64e0e1b18bbf1a2da1

SHA256
5b76d15f754288ccb31d100e64dd30dac26e0f75df525e540b847b347f43a61c

SHA512
b5516edd49046cf891850a155fe3b4738e37439728f93608b32ec1a5f367db1a4d2501e4af1750092a4ce9556ab015bda61f08d3426b85ef58c220367597442f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1148472871-1113856141-1322182616-1000\83aa4cc77f591dfc2374580bbd95f6ba_56102b4f-820e-4a73-b05f-d08577ab0d91

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
memory/1752-766-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-770-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-763-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-775-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-760-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-743-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-777-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-682-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/1752-646-0x0000000001310000-0x0000000001311000-memory.dmp

Filesize
4KB

Download
memory/2592-285-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-443-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-303-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-311-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-313-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-315-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-343-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-352-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-358-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-359-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-363-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-375-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-394-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-305-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-300-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-297-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-296-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-292-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-289-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-288-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-284-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-281-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-253-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-201-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-195-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download
memory/2592-163-0x0000000002740000-0x0000000002741000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing