Overview

overview

3

Static

static

1

botnet-main (1).zip

windows7-x64

1

botnet-main (1).zip

windows10-2004-x64

1

botnet-main/index.js

windows7-x64

3

botnet-main/index.js

windows10-2004-x64

3

botnet-mai...ROY.js

windows7-x64

3

botnet-mai...ROY.js

windows10-2004-x64

3

botnet-mai...VIP.js

windows7-x64

3

botnet-mai...VIP.js

windows10-2004-x64

3

botnet-mai...MIX.js

windows7-x64

3

botnet-mai...MIX.js

windows10-2004-x64

3

botnet-mai...Rex.js

windows7-x64

3

botnet-mai...Rex.js

windows10-2004-x64

3

botnet-mai...SSH.js

windows7-x64

3

botnet-mai...SSH.js

windows10-2004-x64

3

botnet-mai...ILL.js

windows7-x64

3

botnet-mai...ILL.js

windows10-2004-x64

3

botnet-mai...Ov2.js

windows7-x64

3

botnet-mai...Ov2.js

windows10-2004-x64

3

botnet-mai...fic.js

windows7-x64

3

botnet-mai...fic.js

windows10-2004-x64

3

botnet-mai...TLS.js

windows7-x64

3

botnet-mai...TLS.js

windows10-2004-x64

3

botnet-mai...ass.js

windows7-x64

3

botnet-mai...ass.js

windows10-2004-x64

3

botnet-mai...ood.js

windows7-x64

3

botnet-mai...ood.js

windows10-2004-x64

3

botnet-mai...kie.js

windows7-x64

3

botnet-mai...kie.js

windows10-2004-x64

3

botnet-mai...s/dirz

windows7-x64

1

botnet-mai...s/dirz

windows10-2004-x64

1

botnet-mai...dns.js

windows7-x64

3

botnet-mai...dns.js

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    botnet-main (1).zip

  • Size

    407KB

  • Sample

    241106-llhxcaxgnh

  • MD5

    cfc68579ccc97fbaad008a6817af449c

  • SHA1

    54231494d41067d144b00f6ce08186d75c41c2b1

  • SHA256

    5a5ef33c1d2d86a0a9a4484d2593179630e7305e0481ee3b8645d3a50b96d017

  • SHA512

    062e419b41e2f81a7bb4afbcb86d2f0b89fde20ffe60949c95f2e648f09bef10783d2a2be51363bdbdb87784e445df1441e9cbc74d608fd5335a981cf74d7fc5

  • SSDEEP

    12288:cKTj+VFkyEOUoWNAC6IuUEz4JGhVJGOPkKxrDGXtyY:cKv+VtEeMYUzEmKx3GdL

Score
3/10
execution

Malware Config

Targets

    • Target

      botnet-main (1).zip

    • Size

      407KB

    • MD5

      cfc68579ccc97fbaad008a6817af449c

    • SHA1

      54231494d41067d144b00f6ce08186d75c41c2b1

    • SHA256

      5a5ef33c1d2d86a0a9a4484d2593179630e7305e0481ee3b8645d3a50b96d017

    • SHA512

      062e419b41e2f81a7bb4afbcb86d2f0b89fde20ffe60949c95f2e648f09bef10783d2a2be51363bdbdb87784e445df1441e9cbc74d608fd5335a981cf74d7fc5

    • SSDEEP

      12288:cKTj+VFkyEOUoWNAC6IuUEz4JGhVJGOPkKxrDGXtyY:cKv+VtEeMYUzEmKx3GdL

    Score
    1/10
    behavioral1behavioral2

    • Target

      botnet-main/index.js

    • Size

      3KB

    • MD5

      a735723ebe458082eaddc648190a43db

    • SHA1

      401ac53c56333254ff9134fc13bbb2ee1b5be009

    • SHA256

      efe0ca0d31430b69c7dc406448ea24639c7d8f71ec716d1578e7ace719255911

    • SHA512

      ebe73ed093d37111353e1eb7c167a184a8da708d34f9d721db400ffc6ad1ef72e15cbb3383fd3f680303375a567e6b44c3f9b53cd51e4d84dff6e98f58f78aec

    Score
    3/10
    execution
    behavioral3behavioral4

    • Target

      botnet-main/methods/DESTROY.js

    • Size

      1.0MB

    • MD5

      ed04c5976a7b48d23802cd2d3f609535

    • SHA1

      ce66337054ea59018dab08f483a187de933feff4

    • SHA256

      901eade5320b2b9247d46f9ae9035dcc44d9f66008ed0578f68a405381fa6459

    • SHA512

      4a54fc07c4d6ce8385ee66292a8b8106e26aab68beaa4e9954fab9a3fe9f37e1064f8cc378c782e331cc37b4404aeb96ba9ddd69c02e28ba8500614e458c5092

    • SSDEEP

      1536:wEPJjy6y2ZiBMyy6y2Fstzjk4SPnpXwkfNj4R+qadV4xSeCbLdoXcz8muNbe/nJL:M2P30n6rIj4ALdoXMiH0HqP+/

    Score
    3/10
    execution
    behavioral5behavioral6

    • Target

      botnet-main/methods/HTTP-VIP.js

    • Size

      1.2MB

    • MD5

      72420ec896a004a72c316086cab38f99

    • SHA1

      6e73aa1ee607a41ac18d5f2c7a4c333a8a52e288

    • SHA256

      2f031707e8ec229f51ea9915263b6d99742d9652cf83e4e5c15691cd9eae9993

    • SHA512

      b29aee05194c92cb57a1f6475c4938f64cbde544e08c3505a09ef284611b0d452b524b04a77c03209be628d2e3694ab2f2a5e5307beed13ead9d197ae3066ca0

    • SSDEEP

      1536:gvPsm5Z1Z7vymcxi5XCdodB6P35Ib0vBayi5XCdodB6P35Ib0vBaDiMXCdodB6PQ:Jtos35IbQ9os35IbQ3os35IbQXEN

    Score
    3/10
    execution
    behavioral7behavioral8

    • Target

      botnet-main/methods/RAW-MIX.js

    • Size

      52KB

    • MD5

      8d23677b419f6925dc6f6908a3b3f63e

    • SHA1

      23acfb2affa1f69efaf873e4290dfcdf799d1eb0

    • SHA256

      d9c6f5658546a6955538f022ee0c86b2787794c37d12b2623a903825ca171d00

    • SHA512

      27ffa0e730ac8b485e7c3d8c1b43b4cf61c867da33db8bf401d843270bacd079b52032b8efac15644e372c21aea37ce300bbc531880b31f56f0f18275d29f4e3

    • SSDEEP

      384:WSFtYcxa2w+skQcJZIdr1ImkshD3DnxCK8paVv+53Z6ijldN3zqopvHvQpvIpZ1Z:WSLYcUR+QHZRtUNZlDqO/+GJdy98Nd

    Score
    3/10
    execution
    behavioral10behavioral9

    • Target

      botnet-main/methods/Rex.js

    • Size

      299KB

    • MD5

      c9d92524169f0b921eee28a3e3cf579d

    • SHA1

      3a7b517dd256ac8fbcae5fef7c4aaa89b7721f49

    • SHA256

      aad264ae9562704c68b6952d2ceb597afc1c705ff5694ccc978aee4ab4902854

    • SHA512

      bbd1880e4866f03172df882765808729c8068bc4a8867f1a609662b8cb2463198e4f73bb953afb6868a6d6edc452b184c5ab9d93c561533dee3b6a51dedc747d

    • SSDEEP

      1536:SLCPU/lJ126W26WM0LGRfU7tjZkRmvEreLnnHnamp4OmPLJRkPb2SPCfXw5fNffH:SPemvEreLnnswPtHWBk

    Score
    3/10
    execution
    behavioral11behavioral12

    • Target

      botnet-main/methods/StarsXSSH.js

    • Size

      885B

    • MD5

      95303a3ed6bcf87336734ce858840f89

    • SHA1

      d59ac77b18a3e30b4181686488c9721bbf1a7f0b

    • SHA256

      bd852c9242305ae55cff6b3793b1a7527bdb5f6fdd18b329c168c6e3f4f4115a

    • SHA512

      78d9b49883976f21c7be1ec4ee60e160e023599b9aa35ac17f4ae5006290e3d573790ebcb4aa289f35892a3bf86c7bcdcd9cfb118f022666d543f8bcc8241255

    Score
    3/10
    execution
    behavioral13behavioral14

    • Target

      botnet-main/methods/TLS-KILL.js

    • Size

      42KB

    • MD5

      e29a750e39ca6478fa83008c6ec872c3

    • SHA1

      d5c7bf88aaabe6b8da5e5313fad1adf08da4c634

    • SHA256

      e500013e72a1c7cbfc1c3a9d4e33103a048b2d780f6ad604ad0872c9020776db

    • SHA512

      7ece1b1c8ab1c6588bfb7f3e94e1a2e54ad008757f3390dd0552ed047d13331925aa45bed5eb31ad9dc942600a8d21223d9c18270799542b10de06c88794a817

    • SSDEEP

      768:yvPPnbfJXbv7tbv7+nFArfLrfLNVobac14WgirXbv7tbv7TCPzpvTpe28vWgpZu3:yvP7JXbv7tbv7+nFArfLrfLNVobac14f

    Score
    3/10
    execution
    behavioral15behavioral16

    • Target

      botnet-main/methods/TORNADOv2.js

    • Size

      34KB

    • MD5

      c19e79f06571ff3fe481b9073dd47dc7

    • SHA1

      2ef3cb2dfb4470d544bcc44684aa1e840f8b5498

    • SHA256

      2ebc5b00015a9cac040abdac1bc0c63b05f9b71eaedae2d957b3c3f98dd30f79

    • SHA512

      bd1d601050b581fe5edafcb65337cddb5ce20581b9ad0395862c70daa08b9c100ccaf8d873237a573d184bc8726946b4be6fddd3f8b90b09fb0f17c9d5e8b3df

    • SSDEEP

      768:PcewIP9Q7ZMkdbxdb0RuQrRQovxe7XrnVz3b:QMZRhxobR3b

    Score
    3/10
    execution
    behavioral17behavioral18

    • Target

      botnet-main/methods/Traffic.js

    • Size

      31KB

    • MD5

      4a155f04fd838da553041f82ca2afbf7

    • SHA1

      d92dfd15624f5c6d63ddcf166849d5640416e3fd

    • SHA256

      eea8a985477006f988e0e7a1ba349cc1b76341d128793dccdfa4b1d0dc86d49c

    • SHA512

      492ff90754f056bae897d58093a49b9f66be5aa596532257be1f460412f3be14ee3aa1ef9baad22cf8ae04dedf6b4eb4fe72f4f99e60527e349b1bc9ddf05d87

    • SSDEEP

      384:0Qc7I+nVIP2dWZ0SJGn4tjYtj7F1+Fis43Wvpzgb3NbSMIaKB/rPEwX3F3I3bLNy:9UVIPT6SXZYZvmvpzg119wAbJXwjZ

    Score
    3/10
    execution
    behavioral19behavioral20

    • Target

      botnet-main/methods/YAT-TLS.js

    • Size

      25KB

    • MD5

      235c6c96e73d201d3c57512e6910fd61

    • SHA1

      e2f318d174efb4465d5e0f85258471576cd44d1f

    • SHA256

      d95576de06d7f36aa008063ad638398f5fd551256ea13404705066007a92fef0

    • SHA512

      f63a0799088d03e358b494a7d957ea522d36151135ac8e0593cfda2aa9e0597fa6ef746feade1b1d1619ccb40cb8731c4965dbce3f106b0c5a806343a2eafdb7

    • SSDEEP

      768:H0vvPPnbxRV/lyifm0HiqmOiUAHYAeU+XQc:UvvP1RV/lyymSiqmOiHYAeU6Qc

    Score
    3/10
    execution
    behavioral21behavioral22

    • Target

      botnet-main/methods/bypass.js

    • Size

      299KB

    • MD5

      2c3bdd5ad6904cb18cc0f978eafc1461

    • SHA1

      9e0833d410ac2ea44b540be1a653608459b1a679

    • SHA256

      e70c650da319d25db3f521d7a978573574cfb62c45c8e5cf070bb9d6c3707ea3

    • SHA512

      31509f58e7189123c3ecbf8ee6b9fe342bfbdfd8cbdf608ca39b79de19a889d46ef3e02276301710315083d9478a8401a231b6339e52c3b5203265c140565e99

    • SSDEEP

      1536:ULCPU9lJO26W26WM0LGRfU7tjZkRmvEreLnnsnamp4OmPLJRkPb2SPCfXw5fNffV:UPZmvEreLnnRwPtHWM1

    Score
    3/10
    execution
    behavioral23behavioral24

    • Target

      botnet-main/methods/cf-flood.js

    • Size

      2KB

    • MD5

      2299a4a175f6f2ea8f8ab9784288a634

    • SHA1

      fbef555f2b0b0c6d5bac05fc0b393bd17961e47d

    • SHA256

      24da03321337fc892526a4c4da2579f2a7bf67ad50f3e3ba04210be45503bec4

    • SHA512

      271dd19846212ca1309740082fe8bfd9c5c35b3b7d654d0d6b8a11b27c087e9ae5a932cf7fac127e2409ca4bc1ce22418bbeb8f39e2a2145260ebe91aac46f73

    Score
    3/10
    execution
    behavioral25behavioral26

    • Target

      botnet-main/methods/cookie.js

    • Size

      18KB

    • MD5

      125f7da1210cec2a1fb45fba1206e36b

    • SHA1

      f1a59bd0689e91139c242d2074a03e202ddf95ac

    • SHA256

      98f331b1c9955c24e0a9b00bbf4700e0d9cd64b86aa15f6873cd67b730a8e25d

    • SHA512

      6fea19d1b8495eefce3bfd8ca95971880646d39643de1eaa399060fc2a97205a3f1c352e2e665dca8d74d046b16a4ce6a1783e9b72d15a6eb6f56168377b2c4e

    • SSDEEP

      384:wqeO8z6vBFeY1CtNFXcCZZVyO1kofBE0Z9RW:Dec8cCDVlk6BXZ9RW

    Score
    3/10
    execution
    behavioral27behavioral28

    • Target

      botnet-main/methods/dirz

    • Size

      1B

    • MD5

      68b329da9893e34099c7d8ad5cb9c940

    • SHA1

      adc83b19e793491b1c6ea0fd8b46cd9f32e592fc

    • SHA256

      01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b

    • SHA512

      be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09

    Score
    1/10
    behavioral29behavioral30

    • Target

      botnet-main/methods/dns.js

    • Size

      764B

    • MD5

      6c6a8d6bfe1b291e79bdb7e6677f48f7

    • SHA1

      0b5412ea7e36bffec15ef2d69f75b882932bc052

    • SHA256

      51dda3db5fb3ee4651259645d9dc69a08f66f0f2a7234a63f531e00339c2d4cf

    • SHA512

      555ab9686a917b5c45865524ec2e0c412d687f8f567f93cb6c85c8bb30dfd8fbc5d4c3bb624c03d0ccb376e8637cad4ac5ec0b6c77e125bb512edef9ea82c5ba

    Score
    3/10
    execution
    behavioral31behavioral32

MITRE ATT&CK Enterprise v15

Tasks

static1

Score
1/10

behavioral1

Score
1/10

behavioral2

Score
1/10

behavioral3

execution
Score
3/10

behavioral4

execution
Score
3/10

behavioral5

execution
Score
3/10

behavioral6

execution
Score
3/10

behavioral7

execution
Score
3/10

behavioral8

execution
Score
3/10

behavioral9

execution
Score
3/10

behavioral10

execution
Score
3/10

behavioral11

execution
Score
3/10

behavioral12

execution
Score
3/10

behavioral13

execution
Score
3/10

behavioral14

execution
Score
3/10

behavioral15

execution
Score
3/10

behavioral16

execution
Score
3/10

behavioral17

execution
Score
3/10

behavioral18

execution
Score
3/10

behavioral19

execution
Score
3/10

behavioral20

execution
Score
3/10

behavioral21

execution
Score
3/10

behavioral22

execution
Score
3/10

behavioral23

execution
Score
3/10

behavioral24

execution
Score
3/10

behavioral25

execution
Score
3/10

behavioral26

execution
Score
3/10

behavioral27

execution
Score
3/10

behavioral28

execution
Score
3/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

execution
Score
3/10

behavioral32

execution
Score
3/10