Overview

overview

10

Static

static

1

ZJ.exe

windows7-x64

10

ZJ.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ZJ.exe

  • Size

    2.3MB

  • Sample

    230418-wwr8wafa2v

  • MD5

    1610c7cceefdeae7b7ac5367c73d040f

  • SHA1

    f4387ef0b446a41909ab27437d1926cefd51c28a

  • SHA256

    ff526968ee5a3aa4891f5e9bf0ac2790797762b5eaf34d47f5058f64c5908a13

  • SHA512

    9e44567d492a080ba487f651fc808f4ea1ecab6e142bb47dca462175b88b2859d0ee4b9bc7399ffee880ada5897d31333e243b6509450829edb81cddf83140f5

  • SSDEEP

    49152:wVPKtAZe39RT9D2PwgOWH3+E3B2EU9Dcg7ODwI5p/2QAm15fHoFN6WtljaEy93aB:EKSgtRT52nOWHrR2EUigUD5p/2QAofHl

Score
10/10
chinese_generic_botnetbotnet

Malware Config

Targets

    • Target

      ZJ.exe

    • Size

      2.3MB

    • MD5

      1610c7cceefdeae7b7ac5367c73d040f

    • SHA1

      f4387ef0b446a41909ab27437d1926cefd51c28a

    • SHA256

      ff526968ee5a3aa4891f5e9bf0ac2790797762b5eaf34d47f5058f64c5908a13

    • SHA512

      9e44567d492a080ba487f651fc808f4ea1ecab6e142bb47dca462175b88b2859d0ee4b9bc7399ffee880ada5897d31333e243b6509450829edb81cddf83140f5

    • SSDEEP

      49152:wVPKtAZe39RT9D2PwgOWH3+E3B2EU9Dcg7ODwI5p/2QAm15fHoFN6WtljaEy93aB:EKSgtRT52nOWHrR2EUigUD5p/2QAofHl

    Score
    10/10
    chinese_generic_botnetbotnet

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks