New Threat: A Deep Dive Into the Zergeca Botnet

July 5, 2024, 4:21 p.m.

Description

An analysis of a newly discovered botnet named Zergeca, implemented in Go, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell, and collecting sensitive device information. The report delves into the botnet's unique features, including its multiple DNS resolution methods, its encrypted communication protocol, and its reuse of an IP address previously associated with Mirai botnets. The analysis covers sample detection, infrastructure details, and reverse engineering findings, and provides insights into the author's techniques and expertise.

Date

  • Created: July 5, 2024, 3:33 p.m.
  • Published: July 5, 2024, 3:33 p.m.
  • Modified: July 5, 2024, 4:21 p.m.

Indicators


Attack Patterns

Additional Information

  • Canada
  • Germany
  • United States of America