A dissection of the KmsdBot
2023-04-22 | 12:30 – 12:55
The presentation will document the KmsdBot discovered and documented by Larry Cashdollar and Allen West. We will discuss the initial discovery, static and dynamic code analysis, some reverse engineering techniques in regard to Go lang static binaries, the command and control protocol, code created to speak with the C2, the attack capabilities, and crypto mining functionality. We will then discuss how the bot spreads and infects targeted hosts. Finally, we will discover the bot crashing due to a lack of error checking and the bot being rebuilt shortly after. The talk will have a recorded demonstration of the bot communicating with our C2 and sending attack traffic, also we will show a demonstration of the bot crashing.