plaguebot | 216f78a4be6357c2990ff1db5c359457d140ff27e71e9dcb374d119046e053f7 | Triage

Submit
Reports

Overview

overview

Static

static

dd9a2edf17...89.exe

windows7-x64

dd9a2edf17...89.exe

windows10-2004-x64

Sharing

General

Target

dd9a2edf17f5be8c871b7391a6739f89
Size

967KB
Sample

240325-krpreabe95
MD5

dd9a2edf17f5be8c871b7391a6739f89
SHA1

cebd20ebdc923133ca26babec4375aa859e0c09b
SHA256

216f78a4be6357c2990ff1db5c359457d140ff27e71e9dcb374d119046e053f7
SHA512

e273d6f46beede6ab43523b49b1db3461374e17952e89bef451c1cd46ed9a8d7b894b19b3d4f28bf345f198f71fc54dc625151573c1e83bfca52a51545252f2f
SSDEEP

24576:hNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75SY1:J7uKrnEQi2Ad/wQPLP0gx1qt5SY1

Score

10^/10

plaguebot botnet persistence

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

dd9a2edf17f5be8c871b7391a6739f89.exe

Resource

win7-20240221-en

plaguebot botnet persistence

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

dd9a2edf17f5be8c871b7391a6739f89.exe

Resource

win10v2004-20240226-en

plaguebot botnet

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  dd9a2edf17f5be8c871b7391a6739f89
- Size
  
  967KB
- MD5
  
  dd9a2edf17f5be8c871b7391a6739f89
- SHA1
  
  cebd20ebdc923133ca26babec4375aa859e0c09b
- SHA256
  
  216f78a4be6357c2990ff1db5c359457d140ff27e71e9dcb374d119046e053f7
- SHA512
  
  e273d6f46beede6ab43523b49b1db3461374e17952e89bef451c1cd46ed9a8d7b894b19b3d4f28bf345f198f71fc54dc625151573c1e83bfca52a51545252f2f
- SSDEEP
  
  24576:hNxsglIPAtgV+rnEQBg2AdqgwGd9OCPltP0gxkR3dCqJO5VxQ75SY1:J7uKrnEQi2Ad/wQPLP0gx1qt5SY1
Score

10^/10

plaguebot botnet persistence
- PlagueBot
  PlagueBot is an open source Bot written in Pascal.
  botnet plaguebot
- PlagueBot Executable
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

plaguebotbotnetpersistence

behavioral2

plaguebotbotnet

© 2018-2024

Terms | Privacy