General

  • Target

    53460de37325b4979177f832ae51f9de.exe

  • Size

    880KB

  • Sample

    221010-h8za3abab6

  • MD5

    53460de37325b4979177f832ae51f9de

  • SHA1

    f32dd3e711e5fc24c3e525ab835c83588cbc1558

  • SHA256

    bb10d1876255ac5c7beb971b9c3f748976eef78067690392f36e698939331ac1

  • SHA512

    19a489017baaa2adb1c9cf75a502725a28193e4a0661b8f7956169084884e82e07d9b980091d1f8c307cb6f7ae7e7bb3fd3012db0a30dedbe30621f1f60f1595

  • SSDEEP

    24576:7stUx5NK+HjoSIIJ2thqogNSNOKt5apf7xesN7:gtIS+dJgRkSNO0Qpow

Targets

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

    • Chinese Botnet payload

    • Executes dropped EXE

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry, T1012 (2)

    Peripheral Device Discovery, T1120 (1)

    System Information Discovery, T1082 (3)
