5747325bf9347e431412ae207c6e163dc1a9c968741989b12fe407a9cb440a8a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

mcbot-main.zip

windows10-1703-x64

8

mcbot-main.zip

windows7-x64

5

mcbot-main.zip

windows10-2004-x64

1

mcbot-main/MCBOT.jar

windows10-1703-x64

1

mcbot-main/MCBOT.jar

windows7-x64

1

mcbot-main/MCBOT.jar

windows10-2004-x64

1

Resubmissions

17/03/2023, 21:41

230317-1j6b7acb5t 8

17/03/2023, 21:40

230317-1h82paab27 1

Sharing

General

Target

mcbot-main.zip
Size

4.1MB
Sample

230317-1j6b7acb5t
MD5

e00f4960bf3de863ecab55af200712c1
SHA1

b6aa9c80020be3584226cf83fbf3b39701d8928f
SHA256

5747325bf9347e431412ae207c6e163dc1a9c968741989b12fe407a9cb440a8a
SHA512

eacaaa47f0230d5150c775b1deb549fbcd5dc94fc6bc58a290eacd48c4f3d7395814b6a1239b4537ccd9b6c3d5d0e74251d93b975eefb4677a6bafa85b750539
SSDEEP

98304:ckZ4Mp/g8GXOn+vnk/kI2k8RpIZrXdCq++/vID+pqxHmGN1:5Z5N+vnk/k5VyNb7vpQr

Score

8^/10

discovery persistence

Static task

static1

Behavioral task

behavioral1

Sample

mcbot-main.zip

Resource

win10-20230220-es

discovery persistence

windows10-1703-x64

26 signatures

1800 seconds

Behavioral task

behavioral2

Sample

mcbot-main.zip

Resource

win7-20230220-es

windows7-x64

6 signatures

1800 seconds

Behavioral task

behavioral3

Sample

mcbot-main.zip

Resource

win10v2004-20230221-es

windows10-2004-x64

0 signatures

1800 seconds

Behavioral task

behavioral4

Sample

mcbot-main/MCBOT.jar

Resource

win10-20230220-es

windows10-1703-x64

0 signatures

1800 seconds

Behavioral task

behavioral5

Sample

mcbot-main/MCBOT.jar

Resource

win7-20230220-es

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral6

Sample

mcbot-main/MCBOT.jar

Resource

win10v2004-20230220-es

windows10-2004-x64

0 signatures

1800 seconds

Malware Config

Targets

- Target
  
  mcbot-main.zip
- Size
  
  4.1MB
- MD5
  
  e00f4960bf3de863ecab55af200712c1
- SHA1
  
  b6aa9c80020be3584226cf83fbf3b39701d8928f
- SHA256
  
  5747325bf9347e431412ae207c6e163dc1a9c968741989b12fe407a9cb440a8a
- SHA512
  
  eacaaa47f0230d5150c775b1deb549fbcd5dc94fc6bc58a290eacd48c4f3d7395814b6a1239b4537ccd9b6c3d5d0e74251d93b975eefb4677a6bafa85b750539
- SSDEEP
  
  98304:ckZ4Mp/g8GXOn+vnk/kI2k8RpIZrXdCq++/vID+pqxHmGN1:5Z5N+vnk/k5VyNb7vpQr
Score

8^/10

discovery persistence
- Contacts a large (515) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2 behavioral3
- Target
  
  mcbot-main/MCBOT.jar
- Size
  
  4.3MB
- MD5
  
  67f180ee8e6f0338db10b6499daf624a
- SHA1
  
  a9b471f5476fdc4be9248bef5024b475bba65589
- SHA256
  
  04a5547a8bf159523c7401fc0fab2d7055d946952917b090ed3904ee865f163e
- SHA512
  
  d009db057fcc02a64ab7d5313cb6029a1a2f7d56cd89efbb1e327e5ab038dab351171e2ced50498e4bdde877037e353a1d5671f56bf62e41dd5376ba5cd79117
- SSDEEP
  
  98304:W8tsCCKthmwquqC8rMpuk/L/VV7hq5KWvi5+FZWivUdX:W0sUthrquq25Lj7hWvi5+jWiMN
Score

1^/10
behavioral4 behavioral5 behavioral6

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Discovery

Network Service Scanning

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

© 2018-2025

Terms | Privacy