SDBbot

Malware updated 5 months ago (2024-05-04T20:57:33.211Z)
SDBbot is malware that typically infiltrates computer systems through deceptive downloads, emails, or websites. In the context of cyber threats, it falls under the category of custom malware and is used by threat groups such as GOLD TAHOE. Other common offensive security tools and commodity malware include Cobalt Strike, PowerShell Empire, and SystemBC. Once inside a system, SDBbot can steal personal information, disrupt operations, or hold data hostage for ransom. It moves laterally within the compromised network, exfiltrates data, and deploys the Cl0p ransomware on as many systems as possible.

In 2019, the cybercriminal group Graceful Spider (also known as TA505, Gold Evergreen, TEMP.Warlock, Hive0065, Chimborazo, and FIN11) distributed spearphishing emails impersonating Onehub to trick users into downloading the SDBbot remote access trojan (RAT). The RAT offers typical functionality: a command shell, video recording of the screen, remote desktop, port forwarding, and file system access. The SDBbot RAT installers are x64-packed and decrypt parts of SDBbot’s code and strings upon execution.

Using the domain admin account, the actor was able to compromise several other accounts and to execute malicious services and persistence mechanisms, namely SDBbot RAT loaders. The email was designed to extract Active Directory (AD) discovery data and user credentials and to infect the environment with the SDBbot RAT. Proofpoint researchers speculate that the reboot functionality in the Get2 downloader is used to continue SDBbot’s execution after installation in the TA505 campaigns. The RAT component, named “BotDLL[.]dll”, stores its command and control (C&C) servers in a plaintext string or in a file (“ip.txt”).
Description last updated: 2024-05-04T16:08:32.010Z
Aliases: We are not currently tracking any aliases
Miscellaneous Associations (other elements of context that could aid in the identification of relevance): Malware, RAT