General
-
Target
5dab82d0b9cec45c1a9ccbc20ff7f3de
-
Size
967KB
-
Sample
231222-ebskgadea8
-
MD5
5dab82d0b9cec45c1a9ccbc20ff7f3de
-
SHA1
ab04f3d4772a50d43aaecd3d232f762c6dac6812
-
SHA256
cf22a70193e3293853f80838e68f8659ce709a97cd78e0c814b688a0dcc1870d
-
SHA512
c4db6b623058c2bdc008e24510f76774a4cde2985e2dd5c31e16059be767c6f05cc70109f67422a58aaa5f00042b8ae7d454d899a702c6e4b026869945dbac6b
-
SSDEEP
24576:RNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75Sj1:Z7uKrnEQi2Ad/wQPLP0gx1qt5Sj1
Malware Config
Targets
-
-
Target
5dab82d0b9cec45c1a9ccbc20ff7f3de
-
Size
967KB
-
MD5
5dab82d0b9cec45c1a9ccbc20ff7f3de
-
SHA1
ab04f3d4772a50d43aaecd3d232f762c6dac6812
-
SHA256
cf22a70193e3293853f80838e68f8659ce709a97cd78e0c814b688a0dcc1870d
-
SHA512
c4db6b623058c2bdc008e24510f76774a4cde2985e2dd5c31e16059be767c6f05cc70109f67422a58aaa5f00042b8ae7d454d899a702c6e4b026869945dbac6b
-
SSDEEP
24576:RNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75Sj1:Z7uKrnEQi2Ad/wQPLP0gx1qt5Sj1
Score10/10-
PlagueBot
PlagueBot is an open source Bot written in Pascal.
-
PlagueBot Executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Legitimate hosting services abused for malware hosting/C2
-