SMBWorm

SMB worm with lateral movement. NetShareEnum + WNetGetConnectionW for SMB share enumeration. IcmpSendEcho for network host discovery. CryptStringToBinaryA for Base64 C2 address decoding. CoGetObject COM UAC bypass. Entropy 7.99 maximum packing.

Threat Profile
Type: Botnet
Programming Language: C
C2 Protocol: TCP/SMB
First Seen: 2023
Targets: Global
Purpose / Capabilities
  • Lateral Movement/Worm
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

SMBWorm LBB_pass.bin -- NetShareEnum WNetGetConnectionW SMB Network Share Propagation, IcmpSendEcho ICMP Network Discovery, CryptStringToBinaryA Base64 C2 Address Decode, Entropy 7.99 Maximum Packing, CoGetObject COM UAC Bypass | Critical

SMBWorm LBB_pass.bin PE32 x86. NetShareEnum and WNetGetConnectionW for SMB network share propagation. IcmpSendEcho for ICMP network discovery. CryptStringToBinaryA for Base64 C2 address decoding. Entropy 7.99 indicates maximum packing. CoGetObject COM UAC bypass.
