Overview

overview

10

Static

static

行贿警�...md.exe

windows7_x64

10

行贿警�...md.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    行贿警察、组织卖淫、开设赌场,攫金6_5亿的“黑金帝国”.cmd

  • Size

    2.0MB

  • Sample

    210922-zz5vxsgebr

  • MD5

    0889ac4ebfcc906fa3dc17f3a97862da

  • SHA1

    dcf4239b4535a3bc4a2a83fadab113984421d086

  • SHA256

    07ebb19e273995bef00aa19ad538b5cacb5eb0527288c3f5a31be66bfc1d9bb9

  • SHA512

    419d4c89cd9607e2140b0f1eb49c47ed2a0998d40777914bf5b443e5c6906da875407f769b286da390b36f19fcdd9411dd0b6583e3513d1460d3e11533e45bf3

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      行贿警察、组织卖淫、开设赌场,攫金6_5亿的“黑金帝国”.cmd

    • Size

      2.0MB

    • MD5

      0889ac4ebfcc906fa3dc17f3a97862da

    • SHA1

      dcf4239b4535a3bc4a2a83fadab113984421d086

    • SHA256

      07ebb19e273995bef00aa19ad538b5cacb5eb0527288c3f5a31be66bfc1d9bb9

    • SHA512

      419d4c89cd9607e2140b0f1eb49c47ed2a0998d40777914bf5b443e5c6906da875407f769b286da390b36f19fcdd9411dd0b6583e3513d1460d3e11533e45bf3

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet Payload

      botnet

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks