General

  • Target

    0da182d4a35ca4c180e55b48895b16abc1d94b1d464b726c5018d6ff847e3116

  • Size

    432KB

  • Sample

    220502-wz3tsafden

  • MD5

    9fbcc7ee6dd506ce3fbe3fdf60a1a98a

  • SHA1

    073849e1716fb74022c2465f9aa06e064c4ea63e

  • SHA256

    0da182d4a35ca4c180e55b48895b16abc1d94b1d464b726c5018d6ff847e3116

  • SHA512

    bbfb70dd42ddd5201bd6fd4871b42f311d99fcb93cb9b576407073ec8b1b8a46374b3b8d7cd527dfa94f4bfe6c91d7419392236bf9a9f0fbce13170e444e89d1

Malware Config

Targets

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

    • Chinese Botnet Payload

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks