{
	"id": "92417537-dec5-490c-9108-960437d8ba32",
	"created_at": "2026-04-06T02:10:58.985395Z",
	"updated_at": "2026-04-10T13:12:46.858938Z",
	"deleted_at": null,
	"sha1_hash": "cc121a5e9945d2cae0d44909926188f868053f59",
	"title": "CamuBot (Malware Family)",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 29377,
	"plain_text": "CamuBot (Malware Family)\r\nBy Fraunhofer FKIE\r\nArchived: 2026-04-06 02:01:58 UTC\r\nThere is no lot of IOCs in this article so we take one sample and try to extract some interesting IOCs, our findings\r\nbelow :\r\nCamuBot sample : 37ca2e37e1dc26d6b66ba041ed653dc8ee43e1db71a705df4546449dd7591479\r\nC:\\Users\\user~1\\AppData\\Local\\Temp\\protecao.exe :\r\n0af612461174eedec813ce670ba35e74a9433361eacb3ceab6d79232a6fe13c1\r\nC:\\Users\\user~1\\AppData\\Local\\Temp\\Renci.SshNet.dll :\r\n3E3CD9E8D94FC45F811720F5E911B892A17EE00F971E498EAA8B5CAE44A6A8D8\r\nC:\\ProgramData\\m.msi :\r\nAD90D4ADFED0BDCB2E56871B13CC7E857F64C906E2CF3283D30D6CFD24CD2190\r\nProtecao.exe try to download hxxp://www.usb-over-network.com/usb-over-network-64bit.msi\r\nA new driver is installed : C:\\Windows\\system32\\drivers\\ftusbload2.sys :\r\n9255E8B64FB278BC5FFE5B8F70D68AF8\r\nftusbload2.sys set 28 IRP handlers.\r\n[TLP:WHITE] win_camubot_auto (20201014 | autogenerated rule brought to you by yara-signator)\r\nSource: https://malpedia.caad.fkie.fraunhofer.de/details/win.camubot\r\nhttps://malpedia.caad.fkie.fraunhofer.de/details/win.camubot\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://malpedia.caad.fkie.fraunhofer.de/details/win.camubot"
	],
	"report_names": [
		"win.camubot"
	],
	"threat_actors": [],
	"ts_created_at": 1775441458,
	"ts_updated_at": 1775826766,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cc121a5e9945d2cae0d44909926188f868053f59.pdf",
		"text": "https://archive.orkl.eu/cc121a5e9945d2cae0d44909926188f868053f59.txt",
		"img": "https://archive.orkl.eu/cc121a5e9945d2cae0d44909926188f868053f59.jpg"
	}
}