SMBWorm
SMB worm with lateral movement. Uses NetShareEnum and WNetGetConnectionW for SMB share enumeration, IcmpSendEcho for network host discovery, CryptStringToBinaryA to Base64-decode the C2 address, and CoGetObject for a COM-based UAC bypass. Entropy of 7.99 indicates maximum packing.
Threat Profile
Type
Botnet
Programming Language
C
C2 Protocol
TCP/SMB
First Seen
2023
Targets
Global
Purpose / Capabilities
- Lateral Movement/Worm
No C2 servers have been identified for this family yet.
Research Reports (1)
SMBWorm LBB_pass.bin -- NetShareEnum WNetGetConnectionW SMB Network Share Propagation, IcmpSendEcho ICMP Network Discovery, CryptStringToBinaryA Base64 C2 Address Decode, Entropy 7.99 Maximum Packing, CoGetObject COM UAC Bypass | Critical
SMBWorm LBB_pass.bin, PE32 x86. NetShareEnum and WNetGetConnectionW for SMB network share propagation. IcmpSendEcho for ICMP network discovery. CryptStringToBinaryA for Base64 C2 address decoding. Entropy 7.99, maximum packing. CoGetObject COM UAC bypass.