Overview

overview

10

Static

static

10

5dab82d0b9...de.exe

windows7-x64

10

5dab82d0b9...de.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5dab82d0b9cec45c1a9ccbc20ff7f3de

  • Size

    967KB

  • Sample

    231222-ebskgadea8

  • MD5

    5dab82d0b9cec45c1a9ccbc20ff7f3de

  • SHA1

    ab04f3d4772a50d43aaecd3d232f762c6dac6812

  • SHA256

    cf22a70193e3293853f80838e68f8659ce709a97cd78e0c814b688a0dcc1870d

  • SHA512

    c4db6b623058c2bdc008e24510f76774a4cde2985e2dd5c31e16059be767c6f05cc70109f67422a58aaa5f00042b8ae7d454d899a702c6e4b026869945dbac6b

  • SSDEEP

    24576:RNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75Sj1:Z7uKrnEQi2Ad/wQPLP0gx1qt5Sj1

Score
10/10
plaguebotbotnetpersistence

Malware Config

Targets

    • Target

      5dab82d0b9cec45c1a9ccbc20ff7f3de

    • Size

      967KB

    • MD5

      5dab82d0b9cec45c1a9ccbc20ff7f3de

    • SHA1

      ab04f3d4772a50d43aaecd3d232f762c6dac6812

    • SHA256

      cf22a70193e3293853f80838e68f8659ce709a97cd78e0c814b688a0dcc1870d

    • SHA512

      c4db6b623058c2bdc008e24510f76774a4cde2985e2dd5c31e16059be767c6f05cc70109f67422a58aaa5f00042b8ae7d454d899a702c6e4b026869945dbac6b

    • SSDEEP

      24576:RNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75Sj1:Z7uKrnEQi2Ad/wQPLP0gx1qt5Sj1

    Score
    10/10
    plaguebotbotnetpersistence

    • PlagueBot

      PlagueBot is an open source Bot written in Pascal.

      botnetplaguebot

    • PlagueBot Executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks