Overview

overview

10

Static

static

1

a2e4d9bccc...1a.exe

windows7-x64

10

a2e4d9bccc...1a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2e4d9bccc1cc8e1543a3dee586954454c8667c272b13a43b6511c63bdd8e51a

  • Size

    848KB

  • Sample

    231019-smxv8aab34

  • MD5

    c88bb69a2d5cbfd40c2b481c9f701dd9

  • SHA1

    83d3f2f023ae23d4a41ae5d885d20d8fd060ee49

  • SHA256

    a2e4d9bccc1cc8e1543a3dee586954454c8667c272b13a43b6511c63bdd8e51a

  • SHA512

    e74d9f0119ddbe42bf5db975ca57fe56f667c6b766ef53d7807f7b761787cede69bedf1b3e7283f258d692c4b688c8568a0f17d7c716c43de5557bd60d8339d2

  • SSDEEP

    12288:5WN/8q/8xeAxYGQZTH+28vsBwfpZfF6BZNjJTa3HIsQGGrs0Z2outsqYiQst1Iqv:5WNoxeAqZTHQ0BwfT0/t4YjAE2UtQ3uQ

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      a2e4d9bccc1cc8e1543a3dee586954454c8667c272b13a43b6511c63bdd8e51a

    • Size

      848KB

    • MD5

      c88bb69a2d5cbfd40c2b481c9f701dd9

    • SHA1

      83d3f2f023ae23d4a41ae5d885d20d8fd060ee49

    • SHA256

      a2e4d9bccc1cc8e1543a3dee586954454c8667c272b13a43b6511c63bdd8e51a

    • SHA512

      e74d9f0119ddbe42bf5db975ca57fe56f667c6b766ef53d7807f7b761787cede69bedf1b3e7283f258d692c4b688c8568a0f17d7c716c43de5557bd60d8339d2

    • SSDEEP

      12288:5WN/8q/8xeAxYGQZTH+28vsBwfpZfF6BZNjJTa3HIsQGGrs0Z2outsqYiQst1Iqv:5WNoxeAqZTHQ0BwfT0/t4YjAE2UtQ3uQ

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks