General

  • Target

    定投.exe_

  • Size

    3.4MB

  • Sample

    230530-f2wv9afg3t

  • MD5

    229beb31d5bc4d691c0f91d6a7dab42c

  • SHA1

    627bc1a8c52c777c9479f1589b269ae1978c7948

  • SHA256

    d41c808f17f745fe110952f4d75c14373161477de16f661d1ef55860a866b6cb

  • SHA512

    35668ad89772e2fb926c46620ed4078244838c94b090524a0955e1c9762e1dbaeec29462b6833658ae8b43cc67edeaedbac92fb2132baa3eea8695ed8d96a27a

  • SSDEEP

    98304:l8NExEicFwlQ7j63ztVgWmxS7FLOAkGkzdnEVomFHKnP:cpmPVgWmxS7FLOyomFHKnP

Malware Config

Targets

    • Target

      定投.exe_

    • Size

      3.4MB

    • MD5

      229beb31d5bc4d691c0f91d6a7dab42c

    • SHA1

      627bc1a8c52c777c9479f1589b269ae1978c7948

    • SHA256

      d41c808f17f745fe110952f4d75c14373161477de16f661d1ef55860a866b6cb

    • SHA512

      35668ad89772e2fb926c46620ed4078244838c94b090524a0955e1c9762e1dbaeec29462b6833658ae8b43cc67edeaedbac92fb2132baa3eea8695ed8d96a27a

    • SSDEEP

      98304:l8NExEicFwlQ7j63ztVgWmxS7FLOAkGkzdnEVomFHKnP:cpmPVgWmxS7FLOyomFHKnP

    • Generic Chinese Botnet

      A botnet originating from China that is currently publicly unnamed.

    • Gh0st RAT payload

    • Gh0strat

      Gh0st RAT is a remote access tool (RAT) whose source code is public; it has been used by multiple Chinese groups.

    • Chinese Botnet payload

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks