Overview

overview

7

Static

static

7

BotNets/Sm...er.exe

windows7-x64

7

BotNets/Sm...er.exe

windows10-2004-x64

7

BotNets/Sm...er.exe

windows7-x64

1

BotNets/Sm...er.exe

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...oip.js

windows7-x64

1

BotNets/Sm...oip.js

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...x.html

windows7-x64

1

BotNets/Sm...x.html

windows10-2004-x64

1

BotNets/Sm...er.exe

windows7-x64

7

BotNets/Sm...er.exe

windows10-2004-x64

7

BotNets/Th...de.pdf

windows7-x64

1

BotNets/Th...de.pdf

windows10-2004-x64

1

BotNets/Wa...al.url

windows7-x64

1

BotNets/Wa...al.url

windows10-2004-x64

1

BotNets/Wa...be.exe

windows7-x64

1

BotNets/Wa...be.exe

windows10-2004-x64

1

BotNets/Wa...be.exe

windows7-x64

1

BotNets/Wa...be.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BotNets.zip

  • Size

    276.3MB

  • Sample

    240404-vkchlsdg73

  • MD5

    9e03dc170091d7a5be88dadb11715482

  • SHA1

    b1d6789bac4530f97311ed0f97c3da4ce9363a48

  • SHA256

    11ac8b313e17391ba1c40d40d400b477bbc4bd48fc72967e308899319c9ec7bf

  • SHA512

    11a1dd25ed551a3038c12c9ee6bdbb49a983b0d637be9e1ce77b4c6ee64de16391b88e831375cf482d29211b7e5a34a12447d03d3778fe49b900e6d7ccfe8e17

  • SSDEEP

    6291456:HA5O9d3aOwWFxVFCIAMOsPUD8pMmbAWl/nlV1aR3ITEtiR7l2:HA8PZwWF0IAAZnbAWpsR3IzRx2

Score
7/10
linkpdfupx

Malware Config

Targets

    • Target

      BotNets/SmokeBot/Builder.exe

    • Size

      150KB

    • MD5

      a9fbbab787268d6b6b7591c731994cde

    • SHA1

      eff857cce9a252470b80b63710226058bc9d2c9c

    • SHA256

      fc7a97e7bf86c69a409c1211dddc4e97cbc109ffd4a8d1a13ff3b9aab9b9d0f9

    • SHA512

      d6ce3a60c0b3b2df9d07adb68e2578f7fabb97a7ccc370cd0871fe23d299f6e7251869d380dbd2561d35972131995a41dacacfdeba4c2ec3d0c9da1a21161ccc

    • SSDEEP

      3072:roOzSNRh6+Cs7nKCageYQ+f5keXt3RI7VlFtYtrdi9ddDojSLR205Pbt:cA+57KCaget+f5ky3QVlwtrdir9oM/x

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral1behavioral2

    • Target

      BotNets/SmokeBot/SmokeBuilder.exe

    • Size

      152KB

    • MD5

      915d36d8249df2018b0b0dfe250b38fd

    • SHA1

      6d8afbc5c558b7922dd15dbd463dfef0d8b727f8

    • SHA256

      874b8ed1d4910e7ecd59d6f72ad17b8df8e7248143ef606cf0761a0c3767447d

    • SHA512

      94badd09349cb84ac20050565be47efc2944d44cc232733d21344d6eb2747a3a19e480262a479f87dc7f37758dc2b0f29f72a384a5639c688e80d54d4e4260aa

    • SSDEEP

      1536:m6vv5NtQkDkXROA8SHpHlzLEygj9wlvnqBTOIJCO:myUXR5DPk9wlvaOZO

    Score
    1/10
    behavioral3behavioral4

    • Target

      BotNets/SmokeBot/admin/data/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral5behavioral6

    • Target

      BotNets/SmokeBot/admin/exe/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral7behavioral8

    • Target

      BotNets/SmokeBot/admin/imgs/flags/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral10behavioral9

    • Target

      BotNets/SmokeBot/admin/imgs/os/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral11behavioral12

    • Target

      BotNets/SmokeBot/admin/inc/geoip.php

    • Size

      22KB

    • MD5

      d4022de1bcbd5dc96b4e8610d3fd123b

    • SHA1

      1f7abd2eceab53619773cfde93ee55b368c91bab

    • SHA256

      48e65141930b587b831b8c9e114c26c0097535cada660a60630bfcf274f0b1ee

    • SHA512

      947efbf5cad3379e15133fbdf257c8d48666116f72273f0337a428f46f249dab6274e5d94fd342728b2100006ffcad75d76b0d96ea97b2b7bae9ec527bb9927f

    • SSDEEP

      384:25DZLdLzwxhOdq+JGGP+cViZQltm9It9TEG0JjZEvPUn1ZKEx8jZYakjgB9boPFS:25DZdLzwxhfoP+c6okd8WAr

    Score
    1/10
    behavioral13behavioral14

    • Target

      BotNets/SmokeBot/admin/inc/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral15behavioral16

    • Target

      BotNets/SmokeBot/admin/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral17behavioral18

    • Target

      BotNets/SmokeBot/admin/mods/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral19behavioral20

    • Target

      BotNets/SmokeBot/admin/shell/index.html

    • Size

      91B

    • MD5

      3c79360ae83ecfdf909a16cbe606b951

    • SHA1

      7dac957f1b426d257d11c8ffad85c4ba2faec511

    • SHA256

      da1f9d3c8cdee13dda98734237fabc708a983ef5e70dc9a6312bab87ff99aa61

    • SHA512

      31a55456f48c3fb787f0f4410004777e3468fc5cde4c2c2e2d4159e2a1b68e6c03fef5a74e70e106d93e8b737508c34858ba5e0b5cb39d7a5dd234d06f455c55

    Score
    1/10
    behavioral21behavioral22

    • Target

      BotNets/SmokeBot/tools/Parser.exe

    • Size

      159KB

    • MD5

      139ed6ade0b105e35208e5e02fda8a12

    • SHA1

      fb078d770769609aef61e4cb4c273356d380def9

    • SHA256

      f646ae693b297d12a62bbc130ceb536539d42e6fae4bd835de3e594e0fa0b07c

    • SHA512

      7f4f9e0da81ebd68c4f82dc94c6a3f53e5c30481a47bbb5b44cd0bca48b10bcc0234bfba830a0d8a32b1caf1bfd7a0946516113085c6563ad15f0ea4a26d92b1

    • SSDEEP

      3072:QUvOPctYN71FgRn6hQbxZQ26fWZ+NTiHTtlLG4gKqN3doaz+fdG:QEOPc2NJFgRnmQbxZPwrtizXhgBNNo2O

    Score
    7/10
    upx

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx
    behavioral23behavioral24

    • Target

      BotNets/The Botnet Guide.pdf

    • Size

      1.0MB

    • MD5

      bb70cada86476c95d30cf2fa95f8f3f2

    • SHA1

      0cde535a11cf81b2e903941e6793f9d33c48adaf

    • SHA256

      00c47cd5a6a69b9b0f659cc1f766c77fdef61f9fa632695a14060ac3471819d4

    • SHA512

      0623376724a7e55decff7984b43e31d34cf3d1b6fb4add8ad81fec2d9b9c7ae3f9aff25597992a6d7d6643e21e4accf3e98cd15bee09bc31b730d7866c610718

    • SSDEEP

      24576:mSCi2cg+M77kRMKI63upKAuLZ2VjHSfMxlJSN+TLdl:JMcXN3ceLiRxnS8Tb

    Score
    1/10
    behavioral25behavioral26

    • Target

      BotNets/WarBot/(HTTP Botnet) Warbot Botnet Tutorial.url

    • Size

      140B

    • MD5

      44f672e30a0b21b02416442ea677054d

    • SHA1

      21b1a5a5a60643015e4b17641a824229a6de58cc

    • SHA256

      930cf43badc59d3bf4afa9cdb66c00e1e8490407442747a16fa1db280ca87e64

    • SHA512

      1244338c62e97a0d781f9c8f961208406bcdc28e8cc188372eb03c0356e624b83056b4ef58dd0cbc020fcf685959c7d04972cb9b370e861f1f7350a7a0dac4a3

    Score
    1/10
    behavioral27behavioral28

    • Target

      BotNets/WarBot/WarBot/Builder & Bot/Builder & Bot/RedTube.exe

    • Size

      56KB

    • MD5

      da1aba4a05e4045f3cfe1bdd26fafe85

    • SHA1

      52f64a85f047d145cabf35d95074058a4a1e0d21

    • SHA256

      a6859895c2d09752d0de2aef8701e1f0d7dbfb5f2382349fabc0e8356f090a00

    • SHA512

      8775b14b996d2bc6b2fe8ff88c387f22afa8964010e6ab11e9fdc8fe7303b1c57153d812c8fb4821e5bbd6af783b471fdcf7d97034a9cd9e46f770bbd342a562

    • SSDEEP

      768:w4dk7A9NkcFabPUy71NebNSWap1u2LAY32G/PqiUgo3ou:wcoikcFMUy70abu2LAYrDo3

    Score
    1/10
    behavioral29behavioral30

    • Target

      BotNets/WarBot/WarBot/Builder & Bot/RedTube.exe

    • Size

      56KB

    • MD5

      da1aba4a05e4045f3cfe1bdd26fafe85

    • SHA1

      52f64a85f047d145cabf35d95074058a4a1e0d21

    • SHA256

      a6859895c2d09752d0de2aef8701e1f0d7dbfb5f2382349fabc0e8356f090a00

    • SHA512

      8775b14b996d2bc6b2fe8ff88c387f22afa8964010e6ab11e9fdc8fe7303b1c57153d812c8fb4821e5bbd6af783b471fdcf7d97034a9cd9e46f770bbd342a562

    • SSDEEP

      768:w4dk7A9NkcFabPUy71NebNSWap1u2LAY32G/PqiUgo3ou:wcoikcFMUy70abu2LAYrDo3

    Score
    1/10
    behavioral31behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

9
T1112

Credential Access

Discovery

Query Registry

8
T1012

System Information Discovery

8
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

pdflinkupx
Score
7/10

behavioral1

upx
Score
7/10

behavioral2

upx
Score
7/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
1/10

behavioral6

Score
1/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
1/10

behavioral14

Score
1/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
1/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

upx
Score
7/10

behavioral24

upx
Score
7/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10