Overview

overview

10

Static

static

1

e12d85aa60...5b.exe

windows7-x64

10

e12d85aa60...5b.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b1f03fb9936f72548c7d006eabfc310.bin

  • Size

    744KB

  • Sample

    230214-bw23vshb6x

  • MD5

    d677e81bcc23d7d8ebdcf18e0a8d55d7

  • SHA1

    1d9deae1fb9f56fc563ab87427767e008733d5ed

  • SHA256

    61e6b0d676b91749b98f1755ec26d813c29ab244443c52220a58b5acf5c8fc85

  • SHA512

    7e0e16985a71711c26ba1d671b5ceb4a5c1b6c7a90ae50f70fe58e1156c81154627ee178a3880223b3cf9d153f93a050bf4e72cf0d62cab511d521111fb80f68

  • SSDEEP

    12288:xvtKINdwPGpqZhj7Q35VZAnD0DZYVXSJMjv0drJbgVgvZywfhmozUQWhMwe0AFPe:HKI/wPbg5V2nIZYVXPj4Gg9fhmoQQWh7

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      e12d85aa606d45cdbb85982f5ea17d5c0b6f030dbbb30275ec0803f37c188a5b.exe

    • Size

      866KB

    • MD5

      7b1f03fb9936f72548c7d006eabfc310

    • SHA1

      66aef8129896c6e6dd36b2e3abadbbce7b4d51d6

    • SHA256

      e12d85aa606d45cdbb85982f5ea17d5c0b6f030dbbb30275ec0803f37c188a5b

    • SHA512

      f20b8348e0eb82f61fbaa98ce771f260bbbd22e1cf6018a49338d457b0ab5213a853e81cb4e4760c2c167a04279c6772a5076849dc89120fe31e05bb21f8c403

    • SSDEEP

      24576:b2c2oVEmdgUwB4qM742kyxzDL/KHYAmCS:ac2osByEby5DL/Dr

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks