Overview

overview

10

Static

static

3

d827e8a5c9...d8.exe

windows7-x64

10

d827e8a5c9...d8.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d827e8a5c9eeeb34245d584b15b00cad20a6773b0784f1f1276326e01e44c6d8

  • Size

    352KB

  • Sample

    231026-1x1c4aad44

  • MD5

    8af855bc6f135bf75d88a8312f5d1b7b

  • SHA1

    09b29a0c771f31132f57d207deaea60b261aa03c

  • SHA256

    d827e8a5c9eeeb34245d584b15b00cad20a6773b0784f1f1276326e01e44c6d8

  • SHA512

    ec4785b575269018ee15d25d1a1efb9a313b57ae9a19b50c52c8f02afa53334a233cced54137f226487c3d917dd53fad0fdded012dbc124dbb180aefa06cf392

  • SSDEEP

    3072:fAAdrtFV2GenT0cTtm2LAQSXVqjzpYfJhJw7E:Vx2GenQ67wk3pyJhJw

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      d827e8a5c9eeeb34245d584b15b00cad20a6773b0784f1f1276326e01e44c6d8

    • Size

      352KB

    • MD5

      8af855bc6f135bf75d88a8312f5d1b7b

    • SHA1

      09b29a0c771f31132f57d207deaea60b261aa03c

    • SHA256

      d827e8a5c9eeeb34245d584b15b00cad20a6773b0784f1f1276326e01e44c6d8

    • SHA512

      ec4785b575269018ee15d25d1a1efb9a313b57ae9a19b50c52c8f02afa53334a233cced54137f226487c3d917dd53fad0fdded012dbc124dbb180aefa06cf392

    • SSDEEP

      3072:fAAdrtFV2GenT0cTtm2LAQSXVqjzpYfJhJw7E:Vx2GenQ67wk3pyJhJw

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks