chinese_generic_botnet | fe0c0b0b671cccf510ee1075e6c73ad61f24ab8390ca608916861eb6385a6eb1

Analysis

max time kernel
16s
max time network
154s
platform
windows7_x64
resource
win7-20220414-en
submitted
25/05/2022, 01:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

fe0c0b0b671cccf510ee1075e6c73ad61f24ab8390ca608916861eb6385a6eb1.exe
Size

4.2MB
MD5

a97298f5d70fd3eb9c46bc5bb14b6cd6
SHA1

7fd6fe0c946ca25386c0402efa6d43f545193b6a
SHA256

fe0c0b0b671cccf510ee1075e6c73ad61f24ab8390ca608916861eb6385a6eb1
SHA512

2c4ee94382590a7a5427dd7c462767e6d6c5c38f379e181a13b1e300c5869f171722519f37eed095efa80449b738e0892fe01be3c38b695380ac86b8d5b2b10f

Score

10^/10

chinese_generic_botnet botnet

Malware Config

Signatures

Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
botnet chinese_generic_botnet

Chinese Botnet Payload 1 IoCs

botnet

resource	yara_rule
behavioral1/memory/1416-4634-0x0000000000400000-0x000000000095E000-memory.dmp	unk_chinese_botnet

C:\Users\Admin\AppData\Local\Temp\fe0c0b0b671cccf510ee1075e6c73ad61f24ab8390ca608916861eb6385a6eb1.exe
"C:\Users\Admin\AppData\Local\Temp\fe0c0b0b671cccf510ee1075e6c73ad61f24ab8390ca608916861eb6385a6eb1.exe"
1⤵
PID:1672
- C:\Users\Public\ÏµÍ³°²È«²¹¶¡.exe
  C:\Users\Public\ÏµÍ³°²È«²¹¶¡.exe
  2⤵
  PID:1168
- - C:\Users\lsass.exe
    C:\Users\lsass.exe
    3⤵
    PID:1416
- - C:\Users\lsass.exe
    C:\Users\lsass.exe
    3⤵
    PID:1052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\ExceptCatch.dll

Filesize
2.7MB

MD5
aadc8962292c560caa2e9e3d39e32c4d

SHA1
a01f04297284783381f950e45efafe3358e8751d

SHA256
3d0ec418284fd1ef419fd8e57ce9adc84be51d1bff4910bb20aa319175a8f661

SHA512
47dec97ae8f57d82326440cb2106836ea8831fdd5d76e36476ef8d0007ab88da0ec757f91cee94d285f4d123376d380c92df6d1ffd0b7a997d9f592a82c7848f

Download Submit
C:\Users\Public\ÏµÍ³°²È«²¹¶¡.exe

Filesize
69KB

MD5
3d924b86f8dc8215ea1dcda84c218ad7

SHA1
bff3baea1ea9f1eef642773382d6e8945fa5bf8c

SHA256
a429ee865286dc2be99cb61ac2ed8f29c148aabd7f77943e65114744bc4df98b

SHA512
bab02ad0a21b44692bf60db8600872290274b44212febae90c6cf99e09a30c516493253da52b3d80b4fe805100e90fde953b8674c4c8e11911e187dd12dbc7ff

Download Submit
C:\Users\lsass.exe

Filesize
2.0MB

MD5
b03c0e3bf47d84324c4dcefac159878e

SHA1
6dde0d9602241a61ce4550124c376257049486f0

SHA256
7ab986781e1f88d46221748be9674a553b9f3f611e31859026a310ba0c1133ac

SHA512
cc5f7dfafc6b677a392f953e92ce8c1dd1140ee037099d2ffab6ed564e8241682a23d55b8a89c54b18fc06d402d6c5620dc0c3083483d3fcce516b28d0108c2b

Download Submit
C:\Users\lsass.exe

Filesize
2.0MB

MD5
b03c0e3bf47d84324c4dcefac159878e

SHA1
6dde0d9602241a61ce4550124c376257049486f0

SHA256
7ab986781e1f88d46221748be9674a553b9f3f611e31859026a310ba0c1133ac

SHA512
cc5f7dfafc6b677a392f953e92ce8c1dd1140ee037099d2ffab6ed564e8241682a23d55b8a89c54b18fc06d402d6c5620dc0c3083483d3fcce516b28d0108c2b

Download Submit
\Users\Public\ExceptCatch.dll

Filesize
2.4MB

MD5
09bc3d42c6db32f5d8db62146d60df3a

SHA1
964270b61cb609bc8c44ac6e26e33356b40b4db1

SHA256
e025d5638065c73ac98287f0ddc72bd0446ad2511cce8dfa3aaa2f6c7426c549

SHA512
4c63eb92bdfaeae44397dc0a8df3fc1b3f4c9c5077eaa75cc42354d3112988f5127d98c736943dca867278f5ae68d5c805ab7adeda6fd387a967ae14ffd44b88

Download Submit
\Users\Public\ÏµÍ³°²È«²¹¶¡.exe

Filesize
69KB

MD5
3d924b86f8dc8215ea1dcda84c218ad7

SHA1
bff3baea1ea9f1eef642773382d6e8945fa5bf8c

SHA256
a429ee865286dc2be99cb61ac2ed8f29c148aabd7f77943e65114744bc4df98b

SHA512
bab02ad0a21b44692bf60db8600872290274b44212febae90c6cf99e09a30c516493253da52b3d80b4fe805100e90fde953b8674c4c8e11911e187dd12dbc7ff

Download Submit
\Users\lsass.exe

Filesize
2.0MB

MD5
b03c0e3bf47d84324c4dcefac159878e

SHA1
6dde0d9602241a61ce4550124c376257049486f0

SHA256
7ab986781e1f88d46221748be9674a553b9f3f611e31859026a310ba0c1133ac

SHA512
cc5f7dfafc6b677a392f953e92ce8c1dd1140ee037099d2ffab6ed564e8241682a23d55b8a89c54b18fc06d402d6c5620dc0c3083483d3fcce516b28d0108c2b

Download Submit
\Users\lsass.exe

Filesize
2.0MB

MD5
b03c0e3bf47d84324c4dcefac159878e

SHA1
6dde0d9602241a61ce4550124c376257049486f0

SHA256
7ab986781e1f88d46221748be9674a553b9f3f611e31859026a310ba0c1133ac

SHA512
cc5f7dfafc6b677a392f953e92ce8c1dd1140ee037099d2ffab6ed564e8241682a23d55b8a89c54b18fc06d402d6c5620dc0c3083483d3fcce516b28d0108c2b

Download Submit
\Users\lsass.exe

Filesize
2.0MB

MD5
b03c0e3bf47d84324c4dcefac159878e

SHA1
6dde0d9602241a61ce4550124c376257049486f0

SHA256
7ab986781e1f88d46221748be9674a553b9f3f611e31859026a310ba0c1133ac

SHA512
cc5f7dfafc6b677a392f953e92ce8c1dd1140ee037099d2ffab6ed564e8241682a23d55b8a89c54b18fc06d402d6c5620dc0c3083483d3fcce516b28d0108c2b

Download Submit
memory/1052-4641-0x0000000077D80000-0x0000000077F00000-memory.dmp

Filesize
1.5MB

Download
memory/1052-4642-0x0000000000400000-0x000000000095E000-memory.dmp

Filesize
5.4MB

Download
memory/1416-4634-0x0000000000400000-0x000000000095E000-memory.dmp

Filesize
5.4MB

Download
memory/1416-4635-0x0000000077D80000-0x0000000077F00000-memory.dmp

Filesize
1.5MB

Download
memory/1672-501-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-489-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-500-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-503-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-510-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-513-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-519-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-522-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-523-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-521-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-520-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-517-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-518-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-516-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-515-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-514-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-511-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-509-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-508-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-507-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-506-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-505-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-504-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-502-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-490-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-499-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-498-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-496-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-497-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-495-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-493-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-492-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-491-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-494-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-488-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-486-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-485-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-483-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-482-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-480-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-478-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-477-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-475-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-474-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-473-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-472-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-471-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-487-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-484-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-481-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-479-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-468-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-466-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-465-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-464-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-463-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-4629-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-4630-0x00000000023B0000-0x00000000024B1000-memory.dmp

Filesize
1.0MB

Download
memory/1672-4628-0x00000000024F0000-0x0000000002671000-memory.dmp

Filesize
1.5MB

Download
memory/1672-4627-0x0000000000400000-0x0000000000932000-memory.dmp

Filesize
5.2MB

Download
memory/1672-476-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-470-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-469-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-467-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-462-0x0000000002680000-0x0000000002791000-memory.dmp

Filesize
1.1MB

Download
memory/1672-56-0x00000000772D0000-0x0000000077317000-memory.dmp

Filesize
284KB

Download
memory/1672-54-0x0000000075AE1000-0x0000000075AE3000-memory.dmp

Filesize
8KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads