chinese_generic_botnet | 61e6b0d676b91749b98f1755ec26d813c29ab244443c52220a58b5acf5c8fc85 | Triage

Submit
Reports

Overview

overview

Static

static

1

e12d85aa60...5b.exe

windows7-x64

e12d85aa60...5b.exe

windows10-2004-x64

3

Sharing

General

Target

7b1f03fb9936f72548c7d006eabfc310.bin
Size

744KB
Sample

230214-bw23vshb6x
MD5

d677e81bcc23d7d8ebdcf18e0a8d55d7
SHA1

1d9deae1fb9f56fc563ab87427767e008733d5ed
SHA256

61e6b0d676b91749b98f1755ec26d813c29ab244443c52220a58b5acf5c8fc85
SHA512

7e0e16985a71711c26ba1d671b5ceb4a5c1b6c7a90ae50f70fe58e1156c81154627ee178a3880223b3cf9d153f93a050bf4e72cf0d62cab511d521111fb80f68
SSDEEP

12288:xvtKINdwPGpqZhj7Q35VZAnD0DZYVXSJMjv0drJbgVgvZywfhmozUQWhMwe0AFPe:HKI/wPbg5V2nIZYVXPj4Gg9fhmoQQWh7

Score

10^/10

chinese_generic_botnet botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

e12d85aa606d45cdbb85982f5ea17d5c0b6f030dbbb30275ec0803f37c188a5b.exe

Resource

win7-20221111-en

chinese_generic_botnet botnet persistence

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

e12d85aa606d45cdbb85982f5ea17d5c0b6f030dbbb30275ec0803f37c188a5b.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

1 signatures

150 seconds

Malware Config

Targets

- Target
  
  e12d85aa606d45cdbb85982f5ea17d5c0b6f030dbbb30275ec0803f37c188a5b.exe
- Size
  
  866KB
- MD5
  
  7b1f03fb9936f72548c7d006eabfc310
- SHA1
  
  66aef8129896c6e6dd36b2e3abadbbce7b4d51d6
- SHA256
  
  e12d85aa606d45cdbb85982f5ea17d5c0b6f030dbbb30275ec0803f37c188a5b
- SHA512
  
  f20b8348e0eb82f61fbaa98ce771f260bbbd22e1cf6018a49338d457b0ab5213a853e81cb4e4760c2c167a04279c6772a5076849dc89120fe31e05bb21f8c403
- SSDEEP
  
  24576:b2c2oVEmdgUwB4qM742kyxzDL/KHYAmCS:ac2osByEby5DL/Dr
Score

10^/10

chinese_generic_botnet botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnetpersistence

behavioral2

© 2018-2024

Terms | Privacy