chinese_generic_botnet | 1ed15783d208df1581d50087f870acf5caeac474eed4da0eb0b9968de86675d2 | Triage

Sharing

General

Target

1ed15783d208df1581d50087f870acf5caeac474eed4da0eb0b9968de86675d2
Size

980KB
Sample

230827-b3qneaeg75
MD5

8187d85f5672ce492f00ddfdcf6fd2d5
SHA1

46e9385908256cf65c07399568806d73d38704a9
SHA256

1ed15783d208df1581d50087f870acf5caeac474eed4da0eb0b9968de86675d2
SHA512

1a5f810d5ae2285757393ccac599b54bae2871c583bfec1b2c1634b01cc79027a4992aa6e0ecd56ff39dccfd97c69a61c2911a50a5249823417d746992131a1d
SSDEEP

6144:Vyq9ptgIsxITrY002GenQ67wk3pyJhgK8wk:RxgIsxITrL025nQopbq

Score

10^/10

chinese_generic_botnet botnet persistence

Malware Config

Targets

- Target
  
  1ed15783d208df1581d50087f870acf5caeac474eed4da0eb0b9968de86675d2
- Size
  
  980KB
- MD5
  
  8187d85f5672ce492f00ddfdcf6fd2d5
- SHA1
  
  46e9385908256cf65c07399568806d73d38704a9
- SHA256
  
  1ed15783d208df1581d50087f870acf5caeac474eed4da0eb0b9968de86675d2
- SHA512
  
  1a5f810d5ae2285757393ccac599b54bae2871c583bfec1b2c1634b01cc79027a4992aa6e0ecd56ff39dccfd97c69a61c2911a50a5249823417d746992131a1d
- SSDEEP
  
  6144:Vyq9ptgIsxITrY002GenQ67wk3pyJhgK8wk:RxgIsxITrL025nQopbq
Score

10^/10

chinese_generic_botnet botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnet

behavioral2

chinese_generic_botnetbotnetpersistence