Overview

overview

10

Static

static

震惊!2...at.exe

windows7_x64

10

震惊!2...at.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    震惊!20岁美女在“柬埔寨”被2名推广男轮奸分尸视频.bat

  • Size

    2.1MB

  • Sample

    210922-zr7dsagdhp

  • MD5

    ff64906b11528c53152738a2bd6c9caf

  • SHA1

    fe4abda528c86c99d3216d4bc0148e59ab579dcb

  • SHA256

    fcf27e26346dcf0dc51de742d85f75ca0e56d89cba70932b90dd4d11311e38b9

  • SHA512

    ab22a94f3a3014e35d721696294ebfe1d2c72dee031b5ce8c5e349cf824e4533b1fcf4f36e6b0d12c6977bd0af98c3826f36f58ee6f19eb9d848cee15bfbfbae

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      震惊!20岁美女在“柬埔寨”被2名推广男轮奸分尸视频.bat

    • Size

      2.1MB

    • MD5

      ff64906b11528c53152738a2bd6c9caf

    • SHA1

      fe4abda528c86c99d3216d4bc0148e59ab579dcb

    • SHA256

      fcf27e26346dcf0dc51de742d85f75ca0e56d89cba70932b90dd4d11311e38b9

    • SHA512

      ab22a94f3a3014e35d721696294ebfe1d2c72dee031b5ce8c5e349cf824e4533b1fcf4f36e6b0d12c6977bd0af98c3826f36f58ee6f19eb9d848cee15bfbfbae

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet Payload

      botnet

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks