RapperBot Crew Drops DDoS/CryptoJacking Botnet Collab

New samples of the RapperBot botnet malware, reviewed by security researchers, add cryptomining capabilities that use compromised Intel x64 machines to mine cryptocurrency.

The RapperBot campaign is bringing in some fresh talent to its arsenal of malware beats, adding cryptomining capability to its existing distributed denial-of-service (DDoS) botnet malware in order to expand its financial horizons.

According to analysis by Fortinet’s FortiGuard Labs, the malware is a customized variant of the well-known XMRig Monero miner, tailored specifically for Intel x64 machines.

Once a device is infected, it becomes a node in the botnet, allowing the hacker to use it for various purposes. In many cases, owners of infected devices are completely unaware that their devices have been compromised, making botnets a particularly insidious threat.

XMRig is an open-source Monero miner, and its incorporation by a DDoS botnet that specializes in infesting consumer IoT gear makes sense, according to FortiGuard researchers.

FortiGuard analysts first noticed that something was new with RapperBot in late January, when they collected a significantly larger x64 sample than is common for the malware.

“On further analysis, we verified that the bot developers had merged the RapperBot C source code with the C++ code of XMRig Monero miner to create a combined bot client with mining capabilities,” they explained.

Merging the two rather than deploying them separately offers a few advantages, according to the analysis.

The researchers discovered that the latest version supports the following commands:

  • Perform DDoS attacks (UDP, TCP and HTTP GET)
  • Stop DDoS attacks
  • Terminate itself

IOCs – RapperBot


About the Author:

FirstHackersNews- Identifies Security
