chinese_generic_botnet | 4afc2fe297f0104b643c46b320a1c70aa8ec73697584319739eacc09dbbb0395 | Triage

Submit
Reports

Overview

overview

Static

static

8bc19641f9...27.exe

windows7-x64

8bc19641f9...27.exe

windows10-2004-x64

3

Sharing

General

Target

8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927
Size

755KB
Sample

221223-w8r4mscb5t
MD5

09082be612d29ca5d1253bc786c5277a
SHA1

1cd00c87777826980813f81a893dc82d30c68083
SHA256

4afc2fe297f0104b643c46b320a1c70aa8ec73697584319739eacc09dbbb0395
SHA512

5e6770bfe56585c77f4d956aeb11fc0d3306a1992c67dd8f9f97d120b09a11618531cae768e5983fa07593e2d61ba8fe88ee72a93d34acb0f0e5163a73ccedd1
SSDEEP

12288:5JPgwYEla1N92UaBKMP+pFyczuVLmnNwuOiU161NzENiCrEP7u6z+a842ymaA4aM:jPHmN4h5P+p7QanOdiMazE8Ck7u6+a8y

Score

10^/10

chinese_generic_botnet botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927.exe

Resource

win7-20221111-en

chinese_generic_botnet botnet persistence

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927
- Size
  
  879KB
- MD5
  
  45f6980ec4c0108bb1103cbc1906fa18
- SHA1
  
  26504d9884c97a2fab9aa128148a5b36becf9e92
- SHA256
  
  8bc19641f9095f8c86c3836cf1f9d7b1dd14a1c62da0320ce09d5e27d0104927
- SHA512
  
  64fc21f11fc4bfbd485111695ee2ac9e1e70f4107893e259aa4d705a7ad647e7968f3c223d8d647124c8b0d8f041bae074c600a0ae168b0eb166cd62ee877049
- SSDEEP
  
  24576:Cubv+5jv8LiSo2Jbqok9WYik0km7tm/78IM6lnI:CahLiSo2JbqXFikY0gIM6lnI
Score

10^/10

chinese_generic_botnet botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnetpersistence

behavioral2

© 2018-2025

Terms | Privacy