chinese_generic_botnet | 54cf35c8c1b0949422348d097c4544186753549583395108fe620c57b8033421 | Triage

Submit
Reports

Overview

overview

Static

static

8

54cf35c8c1...21.exe

windows7-x64

54cf35c8c1...21.exe

windows10-2004-x64

Sharing

General

Target

54cf35c8c1b0949422348d097c4544186753549583395108fe620c57b8033421
Size

2.0MB
Sample

221109-qtwkmahcf8
MD5

1e2cfbde6afd4b54fabbc9c70735123f
SHA1

ad19d94a6ecfe8ab38fb2f83e9129e6cfccab7cf
SHA256

54cf35c8c1b0949422348d097c4544186753549583395108fe620c57b8033421
SHA512

4415a3fd01c46c17628c7943902296da5387fdbf530060889806ce3b3ef5717a2724767fd6ee9855204455955bdc2b477581838588fd6311789aff52f997e077
SSDEEP

49152:Uxae01xkh8Y0E5M5Lwex5oSbWmg/f8M8WKL/0qk/H979/:5Y0GevWmoUPT0qQH979

Score

10^/10

chinese_generic_botnet botnet persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

54cf35c8c1b0949422348d097c4544186753549583395108fe620c57b8033421.exe

Resource

win7-20220812-en

chinese_generic_botnet botnet upx

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

54cf35c8c1b0949422348d097c4544186753549583395108fe620c57b8033421.exe

Resource

win10v2004-20220812-en

chinese_generic_botnet botnet persistence upx

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  54cf35c8c1b0949422348d097c4544186753549583395108fe620c57b8033421
- Size
  
  2.0MB
- MD5
  
  1e2cfbde6afd4b54fabbc9c70735123f
- SHA1
  
  ad19d94a6ecfe8ab38fb2f83e9129e6cfccab7cf
- SHA256
  
  54cf35c8c1b0949422348d097c4544186753549583395108fe620c57b8033421
- SHA512
  
  4415a3fd01c46c17628c7943902296da5387fdbf530060889806ce3b3ef5717a2724767fd6ee9855204455955bdc2b477581838588fd6311789aff52f997e077
- SSDEEP
  
  49152:Uxae01xkh8Y0E5M5Lwex5oSbWmg/f8M8WKL/0qk/H979/:5Y0GevWmoUPT0qQH979
Score

10^/10

chinese_generic_botnet botnet upx persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnetupx

behavioral2

chinese_generic_botnetbotnetpersistenceupx

© 2018-2024

Terms | Privacy