chinese_generic_botnet | 5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e | Triage

Sharing

General

Target

5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e
Size

94KB
Sample

230910-nvhn2sgg81
MD5

ca4e9a08ccebf3dbe5973f92bd17f0b7
SHA1

1e74be71c0522b6cf4b74d81492279fa0cf9095a
SHA256

5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e
SHA512

3c659b4170380c85ad1aec1ec5f944a98516d3fcdf99e17adeeebec5d9ec5dc4a50609fc73848aab7900a1523e6e8032a41b276e5e695c25f58e5c88dec15559
SSDEEP

1536:NqGCeONIWGmVDp92/731b5cRxq3bOFsr+ecMRsWjcd3KA2jVjE4wJ:N+WpmD+7lbZp+YeaA2jVjEtJ

Score

10^/10

chinese_generic_botnet botnet persistence

Malware Config

Targets

- Target
  
  5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e
- Size
  
  94KB
- MD5
  
  ca4e9a08ccebf3dbe5973f92bd17f0b7
- SHA1
  
  1e74be71c0522b6cf4b74d81492279fa0cf9095a
- SHA256
  
  5cc5e79e1540e89c28966395444f25bf717ac4c700847a59cd59e8f27941e20e
- SHA512
  
  3c659b4170380c85ad1aec1ec5f944a98516d3fcdf99e17adeeebec5d9ec5dc4a50609fc73848aab7900a1523e6e8032a41b276e5e695c25f58e5c88dec15559
- SSDEEP
  
  1536:NqGCeONIWGmVDp92/731b5cRxq3bOFsr+ecMRsWjcd3KA2jVjE4wJ:N+WpmD+7lbZp+YeaA2jVjEtJ
Score

10^/10

persistence chinese_generic_botnet botnet
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

chinese_generic_botnetbotnetpersistence