General

  • Target

    fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac

  • Size

    3.3 MB

  • Sample

    231012-fxbphsbc83

  • MD5

    51c2df4c151377008a867e9936101485

  • SHA1

    6ce54dacd601acf26930864baed50cbe76504037

  • SHA256

    fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac

  • SHA512

    9f576d81e66f11db5a7e84a52016ee0fd96c8ccba088a586ffec8dd8788be4e8655df994aa0690297aa41b74237a57ee3f412630199de1dca964fee0d5302f70

  • SSDEEP

    98304:N2HKwycIFgnZkcOyqxcQDFUg5CBgwjYNTtnpO:nFgEDcfg5CBgbNT/O
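Before working with a copy of this sample, confirm it is the file the report describes. The following is an added example, not part of the report or the sandbox's own tooling: it hashes a file in one pass with MD5, SHA-1, SHA-256 and SHA-512 and compares the results with the values listed above. SSDEEP is left out because it is a fuzzy hash (a similarity score, not an equality check) and needs the third-party `ssdeep` package; the `digest_bytes` helper and the `b"abc"` input in the usage line are assumptions added for offline testing.

```python
"""Verify a sample on disk against the hashes published in the report above."""
import hashlib
import io
import sys

# Hashes copied from the report. SSDEEP is omitted: it is a fuzzy hash and
# its comparison is a similarity score, not an equality test.
REPORTED = {
    "md5": "51c2df4c151377008a867e9936101485",
    "sha1": "6ce54dacd601acf26930864baed50cbe76504037",
    "sha256": "fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac",
    "sha512": "9f576d81e66f11db5a7e84a52016ee0fd96c8ccba088a586ffec8dd8788be4e8"
              "655df994aa0690297aa41b74237a57ee3f412630199de1dca964fee0d5302f70",
}


def digest_stream(stream, chunk_size=1 << 20):
    """Hash a binary file-like object with every algorithm in REPORTED.

    The file is read once in chunks, so a multi-megabyte sample is never
    held in memory in full. Returns (byte_count, {algorithm: hex_digest}).
    """
    hashers = {name: hashlib.new(name) for name in REPORTED}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper (assumed helper) for hashing an in-memory buffer."""
    return digest_stream(io.BytesIO(data))


def compare_to_report(actual, reported=REPORTED):
    """Return {algorithm: (expected, actual)} for every digest that disagrees.

    An empty dict means every algorithm in `reported` matched. Digests are
    compared case-insensitively because reports differ in hex casing.
    """
    return {
        name: (expected, actual[name])
        for name, expected in reported.items()
        if actual[name].lower() != expected.lower()
    }


def verify_file(path, reported=REPORTED):
    """Hash the file at `path` and report size, digests and any mismatches."""
    with open(path, "rb") as f:
        size, actual = digest_stream(f)
    return size, actual, compare_to_report(actual, reported)


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-sample>
    # With no argument, hash the constructed input b"abc" to show the output shape.
    if len(sys.argv) > 1:
        size, actual, mismatches = verify_file(sys.argv[1])
    else:
        size, actual = digest_bytes(b"abc")
        mismatches = compare_to_report(actual)
    print(f"size: {size} bytes ({size / 1e6:.1f} MB)")
    for name, digest in actual.items():
        print(f"{name:7s} {digest}")
    if mismatches:
        for name, (expected, got) in mismatches.items():
            print(f"MISMATCH {name}: expected {expected}, got {got}")
        sys.exit(1)
    print("all reported digests match")
```

A mismatch on any single algorithm is enough to reject the file; a sample that matches MD5 and SHA-1 but not SHA-256 is not the reported sample. The byte count is worth printing too, since the report only gives the size rounded to 3.3 MB.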

Targets

    • Generic Chinese Botnet

      A botnet of Chinese origin that has no public name yet.

    • Chinese Botnet payload

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • VMProtect packed file

      Detects executables packed with the VMProtect commercial packer.

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
