chinese_generic_botnet | 8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927
Size

879KB
Sample

221223-sgxy2agf34
MD5

45f6980ec4c0108bb1103cbc1906fa18
SHA1

26504d9884c97a2fab9aa128148a5b36becf9e92
SHA256

8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927
SHA512

64fc21f11fc4bfbd485111695ee2ac9e1e70f4107893e259aa4d705a7ad647e7968f3c223d8d647124c8b0d8f041bae074c600a0ae168b0eb166cd62ee877049
SSDEEP

24576:Cubv+5jv8LiSo2Jbqok9WYik0km7tm/78IM6lnI:CahLiSo2JbqXFikY0gIM6lnI

Score

10^/10

chinese_generic_botnet botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927.exe

Resource

win10-20220812-en

chinese_generic_botnet botnet persistence

windows10-1703-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927
- Size
  
  879KB
- MD5
  
  45f6980ec4c0108bb1103cbc1906fa18
- SHA1
  
  26504d9884c97a2fab9aa128148a5b36becf9e92
- SHA256
  
  8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927
- SHA512
  
  64fc21f11fc4bfbd485111695ee2ac9e1e70f4107893e259aa4d705a7ad647e7968f3c223d8d647124c8b0d8f041bae074c600a0ae168b0eb166cd62ee877049
- SSDEEP
  
  24576:Cubv+5jv8LiSo2Jbqok9WYik0km7tm/78IM6lnI:CahLiSo2JbqXFikY0gIM6lnI
Score

10^/10

chinese_generic_botnet botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnetpersistence

© 2018-2025

Terms | Privacy