Home Security Advisory Security Advisory – Malware Targeting Linux

Security Advisory

Security Advisory – Malware Targeting Linux

November 17, 2021

778

Summary

Abcbot Botnet is a new evolving botnet which is found in wild having worm like propagation features and targeting Linux systems to perform Distributed Denial-of-Service (DDoS) attack on target organizations. The malware was first launched on July-2021 but the latest version of the malware is evolving.

Indicators of Compromise:

Hashes

SHA-1	Description	ESET detection name
E69E69FBF438F898729E0D99EF772814F7571728	MSI downloader for “decoy ZIP”	Win32/TrojanDownloader.Delf.CQR
4A1C48064167FC4AD5D943A54A34785B3682DA92	MSI installer	Win32/Spy.Numando.BA
BB2BBCA6CA318AC0ABBA3CD53D097FA13DB85ED0	Numando banking trojan	Win32/Spy.Numando.E
BFDA3EAAB63E23802EA226C6A8A50359FE379E75	Numando banking trojan	Win32/Spy.Numando.AL
9A7A192B67895F63F1AFDF5ADF7BA2D195A17D80	Numando banking trojan	Win32/Spy.Numando.AO
7789C57DCC3520D714EC7CA03D00FFE92A06001A	DLL with overlay window images	Win32/Spy.Numando.P

Abused legitimate applications

Example SHA-1	EXE name	DLL name
A852A99E2982DF75842CCFC274EA3F9C54D22859	nvsmartmaxapp.exe	nvsmartmax.dll
F804DB94139B2E1D1D6A3CD27A9E78634540F87C	VBoxTray.exe	mpr.dll
65684B3D962FB3483766F9E4A9C047C0E27F055E	Dumpsender.exe	Oleacc.dll

C&C servers

138.91.168[.]205:733
20.195.196[.]231:733
20.197.228[.]40:779

Delivery URLs

https://enjoyds.s3.us-east-2.amazonaws[.]com/H97FJNGD86R.zip
https://lksluthe.s3.us-east-2.amazonaws[.]com/B876DRFKEED.zip
https://procjdcals.s3.us-east-2.amazonaws[.]com/HN97YTYDFH.zip
https://rmber.s3.ap-southeast-2.amazonaws[.]com/B97TDKHJBS.zip
https://sucessmaker.s3.us-east-2.amazonaws[.]com/JKGHFD9807Y.zip
https://trbnjust.s3.us-east-2.amazonaws[.]com/B97T908ENLK.zip
https://webstrage.s3.us-east-2.amazonaws[.]com/G497TG7UDF.zip

Recommendation:

Keep systems and workstations updated to latest version.
ENROLL in the DDoS protection service
Monitor the network traffic all the time for malicious traffic sent by threat actor

References:

Abcbot — A New Evolving Wormable Botnet Malware Targeting Linux (thehackernews.com)

Abcbot, an evolving botnet (360.com)

Security Advisory – Malware Targeting Linux

Summary

Hashes

Abused legitimate applications

C&C servers

Delivery URLs

Recommendation:

References:

POPULAR CATEGORIES

Must Read

Using a single set of mouse and keyboard to work with multiple machines

FAQs About How To Get Bitcoins For Free

Windows dark mode forced on chrome browser

Windows 10 Clean Boot

Microsoft Exchange Log Volume keeps increasing

POPULAR POSTS

Unable to change time zone in Windows Server 2019

How to set Microsoft Edge home page using group policy

MS SQL Server 2016 Secondary Replica Database Status “Not Synchronizing”

POPULAR CATEGORY