Overview

overview

10

Static

static

3

f4d6cbedc6...f4.exe

windows7-x64

10

f4d6cbedc6...f4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f4d6cbedc62b2e64fc5a3cd025c9cda328420e8a7702024d9a0b3fb31bdb56f4

  • Size

    352KB

  • Sample

    230828-q45laabd62

  • MD5

    f545013595ac79bdcff60a2dc6badfd7

  • SHA1

    66358a06200d198bcc1122dee0de00ab53e4a6af

  • SHA256

    f4d6cbedc62b2e64fc5a3cd025c9cda328420e8a7702024d9a0b3fb31bdb56f4

  • SHA512

    a06f55843bac9efa42873e9d5b5d4f1ef12a56f36179b38df9277f458221d57bc839d6ad739ba3e33c2d3083bf6bff3af63f756ad70a84caae8a288eef87621e

  • SSDEEP

    3072:fAAdrtcV2GenT0cTtm2LAQSXVqjzpYfJhWw7E:VI2GenQ67wk3pyJhWw

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      f4d6cbedc62b2e64fc5a3cd025c9cda328420e8a7702024d9a0b3fb31bdb56f4

    • Size

      352KB

    • MD5

      f545013595ac79bdcff60a2dc6badfd7

    • SHA1

      66358a06200d198bcc1122dee0de00ab53e4a6af

    • SHA256

      f4d6cbedc62b2e64fc5a3cd025c9cda328420e8a7702024d9a0b3fb31bdb56f4

    • SHA512

      a06f55843bac9efa42873e9d5b5d4f1ef12a56f36179b38df9277f458221d57bc839d6ad739ba3e33c2d3083bf6bff3af63f756ad70a84caae8a288eef87621e

    • SSDEEP

      3072:fAAdrtcV2GenT0cTtm2LAQSXVqjzpYfJhWw7E:VI2GenQ67wk3pyJhWw

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks