Botception with Necurs: Botnet distributes script with bot capabilities
Tags
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Control Panel - T1218.002 Hardware - T1592.001 Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Rundll32 - T1218.011 Software - T1592.002 Visual Basic - T1059.005 Powershell - T1086 Rootkit - T1014 Rundll32 - T1085 Rootkit
Show in Graph
Common Information
Type Value
UUID d648fc8a-d28d-4bba-a0ec-fbb310f71fc1
Fingerprint b4a8bc8929bfb79f
Analysis status DONE
Considered CTI value 2
Text language
Published April 5, 2018, midnight
Added to db Sept. 26, 2022, 9:31 a.m.
Last updated Nov. 17, 2024, 6:54 p.m.
Headline List of available regions
Title Botception with Necurs: Botnet distributes script with bot capabilities
Detected Hints/Tags/Attributes 57/2/12
Source URLs
Redirection Url
Details Source https://blog.avast.com/botception-with-necurs-botnet-distributes-script-with-bot-capabilities-avast-threat-labs
URL Provider
Details Provider Source level domain
Details avast.com blog.avast.com
Attributes
Details Type #Events CTI Value
Details File 1 
vbs_w.vbs
Details File 4 
_log.txt
Details File 1018 
rundll32.exe
Details sha256 1 
0089a6e7e92b75952f5c2e3a04a7ab65133f4cca732bc96ecb0a34389d8fc7f4
Details sha256 1 
dae17df6225f05e99bf0e84b3a8438560befc7eb6bd07a7b4d4e451ec33b6a5f
Details sha256 1 
3011126b5210298d843d6d3b84143be292633a4a7c0d14e947ae6be11b74ce2f
Details sha256 1 
676abca2210742e57b432558276b616b1e4e5286c772aed8c63efed230ff2430
Details Windows Registry Key 1 
HKEY_CURRENT_USER\Software\ARRSSS
Details Windows Registry Key 2 
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run
Details Windows Registry Key 2 
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
Details Windows Registry Key 1 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Details Windows Registry Key 164 
HKLM\SOFTWARE\Microsoft\Windows