Overview

overview

10

Static

static

马尼拉�...md.exe

windows7_x64

10

马尼拉�...md.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    马尼拉公厕碎尸女教师!只因不愿做校长情人.cmd

  • Size

    1.4MB

  • Sample

    210922-bax7sadeem

  • MD5

    5c2c312c218ccfa377a60d137f1b23a6

  • SHA1

    2fedf0e6524abb785897667b8be852df810d15d4

  • SHA256

    7e2a64b1518d22cdb493edbbbde9d69d3e81c2c4da3fc8bd3defd931b989ba8c

  • SHA512

    fb34d4647b0dee5fe856c046f547caf2fac957955ef9318186fdc759555178fb80c0eaf2c16fbefcc7d2bda73a30d2a07a05ef6caed1b58b627d805990430129

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      马尼拉公厕碎尸女教师!只因不愿做校长情人.cmd

    • Size

      1.4MB

    • MD5

      5c2c312c218ccfa377a60d137f1b23a6

    • SHA1

      2fedf0e6524abb785897667b8be852df810d15d4

    • SHA256

      7e2a64b1518d22cdb493edbbbde9d69d3e81c2c4da3fc8bd3defd931b989ba8c

    • SHA512

      fb34d4647b0dee5fe856c046f547caf2fac957955ef9318186fdc759555178fb80c0eaf2c16fbefcc7d2bda73a30d2a07a05ef6caed1b58b627d805990430129

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet Payload

      botnet

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks