Overview

overview

10

Static

static

“安溪�...at.exe

windows7_x64

10

“安溪�...at.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    “安溪小伙”在菲惨遭殴打_铁烙_睾丸被切视频.bat

  • Size

    1.9MB

  • Sample

    210922-bl8snadefm

  • MD5

    90fd196461d352414fccfaa316270230

  • SHA1

    89c3a886a6f25365d21c4676e949babd8f7c4c37

  • SHA256

    677c50086e510566e3b7d2b0a1a7d799caf3fa2ccc30d60d3abb58e32de04bd3

  • SHA512

    d59ba91cd1b5d7be241093f6f46cb459b095900734a71fca7b1b03d4633dcbbae9c70bab27bc95415f49af22db39316a17b48228b49568dd69af6d2edb625ff9

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      “安溪小伙”在菲惨遭殴打_铁烙_睾丸被切视频.bat

    • Size

      1.9MB

    • MD5

      90fd196461d352414fccfaa316270230

    • SHA1

      89c3a886a6f25365d21c4676e949babd8f7c4c37

    • SHA256

      677c50086e510566e3b7d2b0a1a7d799caf3fa2ccc30d60d3abb58e32de04bd3

    • SHA512

      d59ba91cd1b5d7be241093f6f46cb459b095900734a71fca7b1b03d4633dcbbae9c70bab27bc95415f49af22db39316a17b48228b49568dd69af6d2edb625ff9

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet Payload

      botnet

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks