chinese_generic_botnet | 18459ea969be44966cb9bdd8d65d93d91dc2635d952f02aee69d6e2eaec2c679 | Triage

Submit
Reports

Overview

overview

Static

static

1

tmp.exe

windows7-x64

tmp.exe

windows10-2004-x64

Sharing

General

Target

tmp
Size

872KB
Sample

230218-ya273acf2x
MD5

d156b1ffd7d387927ee88491a26ccae6
SHA1

15764f67963a0e70f2b310510b95021d7e4aa27d
SHA256

18459ea969be44966cb9bdd8d65d93d91dc2635d952f02aee69d6e2eaec2c679
SHA512

0c213b94f86e49dfad8aed263ef11f5c24b9597591ae7f37b6451f513c1451f603c27676e547809976f636c86d2650fe12c988cdf2cea5ee6843612583ade283
SSDEEP

24576:8gC7+maMAjAERQqMHwfVh7OrvgE+FarjUyHWuXki:UihMHwfVhagE3RWuXki

Score

10^/10

chinese_generic_botnet botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

tmp.exe

Resource

win7-20221111-en

chinese_generic_botnet botnet

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

tmp.exe

Resource

win10v2004-20221111-en

chinese_generic_botnet botnet persistence

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  tmp
- Size
  
  872KB
- MD5
  
  d156b1ffd7d387927ee88491a26ccae6
- SHA1
  
  15764f67963a0e70f2b310510b95021d7e4aa27d
- SHA256
  
  18459ea969be44966cb9bdd8d65d93d91dc2635d952f02aee69d6e2eaec2c679
- SHA512
  
  0c213b94f86e49dfad8aed263ef11f5c24b9597591ae7f37b6451f513c1451f603c27676e547809976f636c86d2650fe12c988cdf2cea5ee6843612583ade283
- SSDEEP
  
  24576:8gC7+maMAjAERQqMHwfVh7OrvgE+FarjUyHWuXki:UihMHwfVhagE3RWuXki
Score

10^/10

chinese_generic_botnet botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnet

behavioral2

chinese_generic_botnetbotnetpersistence

© 2018-2024

Terms | Privacy