General

  • Target: Group Bots.exe
  • Size: 1.6MB
  • Sample: 230825-r1j1vaee4t
  • MD5: f5a2da741ab2b11ecd79d957f205e4bc
  • SHA1: 62d9022f4b72268fb2523cf849ed9b9b0a162888
  • SHA256: 9824e1ed7f0224fbcc9f3e93bb645500fff8d8841d9adb0da49667cce9537d2a
  • SHA512: 12cb4ee676c720989a70b3babd8973b678e6b27cf55375e4b9d5dc5c6312513ef3b27de11a4802c9f3b6d41bb52f2fffe0ba87a2bfd4fe9a23185b40596e2c68
  • SSDEEP: 49152:KNm+gSx2NFNJL2enS7U6LGsGjbkhBuvS5XMjViyHR:KNmQgNF7SpL3Gjbk/MW8jViu

Score
10/10

Malware Config

Targets

    • Target: Group Bots.exe

    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks