Overview

overview

10

Static

static

'缅北菠...at.exe

windows7_x64

10

'缅北菠...at.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    '缅北菠菜”女狗推过来菲后惨遭猥琐强奸活埋视频.bat

  • Size

    492KB

  • Sample

    210922-a3g6laagh6

  • MD5

    03425c5250ee08fdc2c040625cf81459

  • SHA1

    56a7fdedebe3ec7822155b1925b43046500b9fbb

  • SHA256

    4b008912e8e53602f958522a55f7dca2c32b98d5793e417d50a56506f738802d

  • SHA512

    79c960a7b1a6f9e099a369c8e7bcc90af5c9778c26c2bcf499bae2a014fa976bc3a3be6b25ea000376e5520753ab602f13429e64c804cb6e2643024e64383bd9

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      '缅北菠菜”女狗推过来菲后惨遭猥琐强奸活埋视频.bat

    • Size

      492KB

    • MD5

      03425c5250ee08fdc2c040625cf81459

    • SHA1

      56a7fdedebe3ec7822155b1925b43046500b9fbb

    • SHA256

      4b008912e8e53602f958522a55f7dca2c32b98d5793e417d50a56506f738802d

    • SHA512

      79c960a7b1a6f9e099a369c8e7bcc90af5c9778c26c2bcf499bae2a014fa976bc3a3be6b25ea000376e5520753ab602f13429e64c804cb6e2643024e64383bd9

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet Payload

      botnet

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks