KBOT C&C Malware - NoVirusThanks Blog
Common Information
Type Value
UUID ce38bf73-9214-44cc-a857-5a874e7905f2
Fingerprint 6434b93dec0087d3
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 27, 2012, 2:10 a.m.
Added to db Jan. 18, 2023, 7:36 p.m.
Last updated Nov. 17, 2024, 11:40 p.m.
Headline KBOT C&C Malware
Title KBOT C&C Malware - NoVirusThanks Blog
Detected Hints/Tags/Attributes 15/1/70
Attributes