Overview

overview

10

Static

static

“老挝�...at.exe

windows7_x64

10

“老挝�...at.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    “老挝金三角特区”5名中国人轮奸一名女狗推!.bat

  • Size

    1.9MB

  • Sample

    210922-avmq4sdedn

  • MD5

    3bc85a852420f351bb22b006ad59a785

  • SHA1

    bc8c6b4164ca9900218d9b300354e4b06c42567d

  • SHA256

    18984d5f98b9d1955336d1838ff42f2837a1f79cd4ed6f407c94aa86274da706

  • SHA512

    646b840538584b0d75f716f7620372f997c2a1c0b58818297b7802c5901514a4efc0ce09df99f7700c59f2c296831073725bfc65361b9dd8890a53a515eca362

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      “老挝金三角特区”5名中国人轮奸一名女狗推!.bat

    • Size

      1.9MB

    • MD5

      3bc85a852420f351bb22b006ad59a785

    • SHA1

      bc8c6b4164ca9900218d9b300354e4b06c42567d

    • SHA256

      18984d5f98b9d1955336d1838ff42f2837a1f79cd4ed6f407c94aa86274da706

    • SHA512

      646b840538584b0d75f716f7620372f997c2a1c0b58818297b7802c5901514a4efc0ce09df99f7700c59f2c296831073725bfc65361b9dd8890a53a515eca362

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet Payload

      botnet

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks