Overview

overview

10

Static

static

3

a2d0dd1cb8...c5.exe

windows7-x64

10

a2d0dd1cb8...c5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2d0dd1cb89611c7e979d65a73d51a573de55fb14f1130f28196618a828932c5

  • Size

    1.8MB

  • Sample

    231026-lfq1rsfh8w

  • MD5

    d2f35a6f207bc1d197a8f43c2d31d8ff

  • SHA1

    4645a201aeaa2e3ebed2681908d7a459ec72d8b0

  • SHA256

    a2d0dd1cb89611c7e979d65a73d51a573de55fb14f1130f28196618a828932c5

  • SHA512

    6a648b3cda34f6e62505828456b8f74a9073b40aebfa2965ae7fe36717969a8444ea4c94a9c4ec498a655be6d41d0bb2c2bbcf9a246813fe3f995de4d6775ffd

  • SSDEEP

    24576:XqgLbQGiEwAUnxA7H0slfGJpmd4qEvLtbQgxaO/VXuLOpfdIuA0Fre2M6QJ:XrbRwDC7AmsvnVXdQuA/7R

Score
10/10
chinese_generic_botnetbotnetevasionpersistencetrojan

Malware Config

Targets

    • Target

      a2d0dd1cb89611c7e979d65a73d51a573de55fb14f1130f28196618a828932c5

    • Size

      1.8MB

    • MD5

      d2f35a6f207bc1d197a8f43c2d31d8ff

    • SHA1

      4645a201aeaa2e3ebed2681908d7a459ec72d8b0

    • SHA256

      a2d0dd1cb89611c7e979d65a73d51a573de55fb14f1130f28196618a828932c5

    • SHA512

      6a648b3cda34f6e62505828456b8f74a9073b40aebfa2965ae7fe36717969a8444ea4c94a9c4ec498a655be6d41d0bb2c2bbcf9a246813fe3f995de4d6775ffd

    • SSDEEP

      24576:XqgLbQGiEwAUnxA7H0slfGJpmd4qEvLtbQgxaO/VXuLOpfdIuA0Fre2M6QJ:XrbRwDC7AmsvnVXdQuA/7R

    Score
    10/10
    chinese_generic_botnetbotnetevasiontrojanpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • UAC bypass

      evasiontrojan

    • Windows security bypass

      evasiontrojan

    • Chinese Botnet payload

      botnet

    • Looks for VirtualBox Guest Additions in registry

      evasion

    • Looks for VMWare Tools registry key

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Windows security modification

      evasiontrojan

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks