General

  • Target

    6f3c5beb8ae5c15c8b2931ea2c2e1223dce24b109352118112faefef681a7b00

  • Size

    5.8MB

  • Sample

    230810-nahtbaea91

  • MD5

    fc58c304dc6df3e9df194e0048dc3cc6

  • SHA1

    b35a41e940ffcc68ab03d60c7398bfeb781bf0f4

  • SHA256

    6f3c5beb8ae5c15c8b2931ea2c2e1223dce24b109352118112faefef681a7b00

  • SHA512

    801175fed116707a42f2fa0f737731f6bf247bbede8459698752e8b464644b39ee4eaddfaf4cead56e5766d548ae691fc23653b8a5d85cfb39228186567667d7

  • SSDEEP

    98304:AqVQ4tml/iUm4XHb8vFtYkQWrSz9rAmLJHORm6UJamI3LeojzZARZpkAdcc6IjWF:/J+jX7oDhrSpru+W3KMZkvdagNXhJs0I

Malware Config

Targets

    • Target

      6f3c5beb8ae5c15c8b2931ea2c2e1223dce24b109352118112faefef681a7b00

    • Generic Chinese Botnet

      A botnet family attributed to China that has not yet been given a public name.

    • Chinese Botnet payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger
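The three behavioural signatures above (a dropped executable being launched, a Run-key value pointing at it, and a call to NtSetInformationThread with the ThreadHideFromDebugger class, THREADINFOCLASS 0x11) are the kind of thing an analyst re-checks against the raw trace rather than trusting the labels. The following is an added example, not code from the sandbox or from this sample's report: it runs that logic over a constructed API/event trace whose record format (pid, event kind, details dict) is an assumption made for the example, not the sandbox's own format.

```python
"""Added example: re-derive the three sandbox signatures from an event trace.

Not the sandbox's code. The event tuples and their field names are a
constructed format for this example; adapt the field access to the real
trace (Sysmon, API monitor, sandbox JSON) you are working with.
"""

# THREADINFOCLASS value for ThreadHideFromDebugger; the only class value
# of NtSetInformationThread that matters for this signature.
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Autostart keys under ...\CurrentVersion\ that "Adds Run key" refers to.
RUN_KEY_LEAVES = {"run", "runonce", "runservices", "runservicesonce"}

# Constructed sample trace (NOT taken from the report above).
# Shape: (pid, event_kind, details)
SAMPLE_EVENTS = [
    (1000, "file_write",  {"path": r"C:\Users\Public\svchosts.exe"}),
    (1000, "proc_create", {"image": r"C:\Users\Public\svchosts.exe",
                           "child_pid": 1200}),
    (1200, "reg_set",     {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                           "name": "Updater",
                           "data": r"C:\Users\Public\svchosts.exe"}),
    (1200, "api_call",    {"api": "NtSetInformationThread",
                           "ThreadInformationClass": 0x11}),
    # ThreadPriority (0x02): same API, benign class, must not fire.
    (1200, "api_call",    {"api": "NtSetInformationThread",
                           "ThreadInformationClass": 0x02}),
    # Registry write outside any autostart key: must not fire.
    (900,  "reg_set",     {"key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Foo",
                           "name": "DisplayName", "data": "Foo"}),
]


def is_run_key(key: str) -> bool:
    """True for HKCU/HKLM ...\\CurrentVersion\\Run, RunOnce, RunServices(Once)."""
    parts = [p.lower() for p in key.rstrip("\\").split("\\") if p]
    return len(parts) >= 2 and parts[-2] == "currentversion" and parts[-1] in RUN_KEY_LEAVES


def analyze(events):
    """Return (signature, pid, evidence) tuples in trace order."""
    hits = []
    dropped = set()  # lower-cased paths of .exe files written during the run
    for pid, kind, d in events:
        if kind == "file_write":
            if d["path"].lower().endswith(".exe"):
                dropped.add(d["path"].lower())
        elif kind == "proc_create":
            # Only an image that this trace saw being written counts as "dropped".
            if d["image"].lower() in dropped:
                hits.append(("Executes dropped EXE", pid, d["image"]))
        elif kind == "reg_set":
            if is_run_key(d["key"]):
                evidence = f'{d["key"]}\\{d["name"]} = {d["data"]}'
                hits.append(("Adds Run key to start application", pid, evidence))
        elif kind == "api_call":
            if (d["api"] == "NtSetInformationThread"
                    and d.get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER):
                hits.append(("Suspicious use of NtSetInformationThreadHideFromDebugger",
                             pid, "ThreadInformationClass=0x11"))
    return hits


if __name__ == "__main__":
    for sig, pid, evidence in analyze(SAMPLE_EVENTS):
        print(f"[pid {pid}] {sig}: {evidence}")
```

Two caveats when reading such hits on a real trace: a Run-key value by itself is common installer behaviour, so correlate it with the dropped-file and process-creation events as the code does (here the same image is written, launched, and then persisted); and ThreadHideFromDebugger is also used by some commercial packers and protectors, so a single 0x11 call is an anti-analysis indicator to confirm in the unpacked binary, not proof of the botnet payload on its own.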

MITRE ATT&CK Enterprise v15

Tasks