New Threat: A Deep Dive Into the Zergeca Botnet
July 5, 2024, 4:21 p.m.
Description
An analysis of a newly discovered botnet named Zergeca, implemented in Go, with capabilities for DDoS attacks, proxying, scanning, self-upgrading, persistence, file transfer, reverse shell and collection of sensitive device information. The report examines the botnet's distinctive features, including its multiple DNS resolution methods, its encrypted command-and-control protocol, and its use of an IP address previously associated with Mirai botnets. It covers sample detection, infrastructure details and reverse-engineering findings, and offers insight into the author's techniques and level of expertise.
Date
Published: July 5, 2024, 3:33 p.m.
Created: July 5, 2024, 3:33 p.m.
Modified: July 5, 2024, 4:21 p.m.
Indicators
cea6e4aa15d7c6a2b2c794a660afaf96d43462e0b74436600a2c8a2288ad0c27
b55b1947a11de7ee2cb3aaede12ce15c85abf2b607d1ebd8f5ed56e3a6ef7c43
7e62e3e8911c0cb19df3477df0603fddeff82223e1cc6da7fb1698f512ff2cd2
6b81d548c0fbd7a2275bb0d29deca0de96c1584ce7aadaf4f5dac3cb28ee9c29
7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11
2e9df8987212300815928e0426e9358b1380a1eaba38270d03dd69e421686b5b
0dbbe5616de71c5753768de555203fb9eb2f1e72a8cb5bdce0559bc5cdfa3b2e
31.6.16.33
145.239.108.150
84.54.51.82
bot.hamsterrace.space
network.target (systemd unit target, not a domain or host indicator)
multi-user.target (systemd unit target, not a domain or host indicator)
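As an added example, not part of the original report, the following Python sweeps a file-hash inventory, a systemd unit file and a few connection-log lines against the indicators listed above. The inventory rows, the unit file, the log lines and the file paths in them are constructed for the demo; only the hash, IP and domain values come from this page. The two systemd targets are deliberately not treated as network indicators: a unit file is flagged as a persistence hit only when it both hooks a boot target and references a real Zergeca IOC.

```python
"""IOC sweep for the Zergeca indicators on this page (added example, not report code)."""
import re
from dataclasses import dataclass

# Indicator values copied from the list above.
SHA256_IOCS = {
    "cea6e4aa15d7c6a2b2c794a660afaf96d43462e0b74436600a2c8a2288ad0c27",
    "b55b1947a11de7ee2cb3aaede12ce15c85abf2b607d1ebd8f5ed56e3a6ef7c43",
    "7e62e3e8911c0cb19df3477df0603fddeff82223e1cc6da7fb1698f512ff2cd2",
    "6b81d548c0fbd7a2275bb0d29deca0de96c1584ce7aadaf4f5dac3cb28ee9c29",
    "7db9189afd00c2b60b7f892ef1b86d040fb1cf02145c7d2e414ef77ba3335c11",
    "2e9df8987212300815928e0426e9358b1380a1eaba38270d03dd69e421686b5b",
    "0dbbe5616de71c5753768de555203fb9eb2f1e72a8cb5bdce0559bc5cdfa3b2e",
}
IP_IOCS = {"31.6.16.33", "145.239.108.150", "84.54.51.82"}
DOMAIN_IOCS = {"bot.hamsterrace.space"}

# network.target / multi-user.target are systemd unit names, not hosts.
# They only mark a unit file as boot-hooked; they never match on their own.
SYSTEMD_TARGET_HINTS = {"network.target", "multi-user.target"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DOMAIN_RE = re.compile(r"\b[a-z0-9.-]+\.[a-z]{2,}\b", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # "hash", "ip" or "domain"
    value: str
    where: str   # path or log source the hit came from


def sweep_hashes(inventory):
    """inventory: iterable of (path, sha256_hex), e.g. an EDR or FIM export."""
    return [Finding("hash", h.lower(), path)
            for path, h in inventory if h.lower() in SHA256_IOCS]


def sweep_text(text, where):
    """Scan free text (logs, unit files, configs) for the IP and domain IOCs."""
    findings = []
    for ip in sorted(set(IPV4_RE.findall(text))):
        if ip in IP_IOCS:
            findings.append(Finding("ip", ip, where))
    for dom in sorted({d.lower() for d in DOMAIN_RE.findall(text)}):
        if dom in DOMAIN_IOCS:
            findings.append(Finding("domain", dom, where))
    return findings


def persistence_hit(unit_text):
    """True only when a unit hooks a boot target AND references a Zergeca IOC."""
    hooked = any(t in unit_text for t in SYSTEMD_TARGET_HINTS)
    return hooked and bool(sweep_text(unit_text, "unit"))


# Constructed sample data for the demo (paths and log lines are assumptions).
SAMPLE_INVENTORY = [
    ("/usr/bin/ls", "0" * 64),
    ("/tmp/.cache/example-bin",
     "CEA6E4AA15D7C6A2B2C794A660AFAF96D43462E0B74436600A2C8A2288AD0C27"),
]
SAMPLE_UNIT = """[Unit]
Description=constructed example unit
After=network.target

[Service]
ExecStart=/tmp/.cache/example-bin bot.hamsterrace.space

[Install]
WantedBy=multi-user.target
"""
SAMPLE_CONN_LOG = """\
2024-07-05T10:00:01Z CONNECT 10.0.0.5:53122 -> 93.184.216.34:443
2024-07-05T10:00:07Z CONNECT 10.0.0.5:53140 -> 84.54.51.82:443
"""


def run_sweep():
    """Run all three checks over the constructed samples and return the findings."""
    return (sweep_hashes(SAMPLE_INVENTORY)
            + sweep_text(SAMPLE_UNIT, "/etc/systemd/system/example.service")
            + sweep_text(SAMPLE_CONN_LOG, "conn.log"))


if __name__ == "__main__":
    for f in run_sweep():
        print(f"{f.kind:6} {f.value}  <- {f.where}")
    print("persistence hit:", persistence_hit(SAMPLE_UNIT))
```

Hash matching is case-insensitive because EDR exports differ in casing, and the regex pre-filter keeps the text sweep linear in the size of the input rather than doing one substring search per IOC.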
Attack Patterns
Zergeca
T1609 Container Administration Command
T1195.002 Supply Chain Compromise: Compromise Software Supply Chain
T1021.001 Remote Services: Remote Desktop Protocol
T1583.003 Acquire Infrastructure: Virtual Private Server
T1059.004 Command and Scripting Interpreter: Unix Shell
T1071.001 Application Layer Protocol: Web Protocols
T1059.002 Command and Scripting Interpreter: AppleScript
T1082 System Information Discovery
T1499 Endpoint Denial of Service
T1190 Exploit Public-Facing Application
Additional Information
Canada
Germany
United States of America