General

  • Target

    21ba184b544b496893283fd1bcae6e54bf10ac7d6db461741416bf46c0f2866f

  • Size

    522KB

  • Sample

    220207-aj78nsdbd2

  • MD5

    093aab0489f1b55babf45a451d3a541f

  • SHA1

    0f76979bb890bdb7092f0ea901e358e34d94ee95

  • SHA256

    21ba184b544b496893283fd1bcae6e54bf10ac7d6db461741416bf46c0f2866f

  • SHA512

    4c2d4fedef16b03159c2e6304630f042d8c71ee6bf105553c034d691940a0080a064cc54351e953d89f63ca6befe8f3b16250d9d9ba3db59349319e74fa6378c

Malware Config

Targets

    • Target

      QQ??20210215172826.png.exe

    • Size

      652KB

    • MD5

      a51a46c7fa4f1d1325c1e892f66df554

    • SHA1

      5e2c99b08a93659df6b8220b8707752f03760c17

    • SHA256

      ab2a7fbeb63227168b92cbff7e4b11e5bfe4d0f4efac6dd818d2c2b62ad0021b

    • SHA512

      e7c8d360160405686c74bff1494c9e348f47ff4d0c15c3e9696caea1b890e4a0b510a7687c615a53cf7f0c0a9287e417b50c759f06a69e37f22672ea64f916d1

    • Generic Chinese Botnet

      A botnet originating from China that currently has no public name.

    • Chinese Botnet Payload

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks