chinese_generic_botnet | eb7e288f1289acec3df23db595831e23c8488c8f3fcad61411098bd046a1fc19 | Triage

Submit
Reports

Overview

overview

Static

static

eb7e288f12...19.exe

windows7-x64

eb7e288f12...19.exe

windows10-2004-x64

Sharing

General

Target

eb7e288f1289acec3df23db595831e23c8488c8f3fcad61411098bd046a1fc19
Size

2.7MB
Sample

230131-x12tjsbf8v
MD5

1c5db3ef3cac4c9a894c5a1255476b94
SHA1

5c091d5020d23f0a3a3c3f923cfbe9c3f9afc1ff
SHA256

eb7e288f1289acec3df23db595831e23c8488c8f3fcad61411098bd046a1fc19
SHA512

c2e05803fbf225e95a3ee5fb0d8b8d76b704a124bfbd9a6ac90cf300047817ea25e432d9b97ffc9904e88eb41c4d28687ccdc49872cb170c0508cd9d02cd41e7
SSDEEP

49152:PoF2MMuR+S/SJeyo7144XYM/pf2G8wK/FtoxkEta+s8KuqGaX0ToIBAUZLYp8:Q9Mu1SzUm4XHb8vFtYkQJJBAUZLE

Score

10^/10

chinese_generic_botnet botnet persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

eb7e288f1289acec3df23db595831e23c8488c8f3fcad61411098bd046a1fc19.exe

Resource

win7-20221111-en

chinese_generic_botnet botnet upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

eb7e288f1289acec3df23db595831e23c8488c8f3fcad61411098bd046a1fc19.exe

Resource

win10v2004-20221111-en

chinese_generic_botnet botnet persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  eb7e288f1289acec3df23db595831e23c8488c8f3fcad61411098bd046a1fc19
- Size
  
  2.7MB
- MD5
  
  1c5db3ef3cac4c9a894c5a1255476b94
- SHA1
  
  5c091d5020d23f0a3a3c3f923cfbe9c3f9afc1ff
- SHA256
  
  eb7e288f1289acec3df23db595831e23c8488c8f3fcad61411098bd046a1fc19
- SHA512
  
  c2e05803fbf225e95a3ee5fb0d8b8d76b704a124bfbd9a6ac90cf300047817ea25e432d9b97ffc9904e88eb41c4d28687ccdc49872cb170c0508cd9d02cd41e7
- SSDEEP
  
  49152:PoF2MMuR+S/SJeyo7144XYM/pf2G8wK/FtoxkEta+s8KuqGaX0ToIBAUZLYp8:Q9Mu1SzUm4XHb8vFtYkQJJBAUZLE
Score

10^/10

chinese_generic_botnet botnet upx persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnetupx

behavioral2

chinese_generic_botnetbotnetpersistenceupx

© 2018-2024

Terms | Privacy