Overview

overview

10

Static

static

3

bf1b236aec...3c.exe

windows7-x64

10

bf1b236aec...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bf1b236aecfa2335a1cfcf0f8eb0fac6dffcd3a38af5cab0ad915fd892e3173c

  • Size

    1.1MB

  • Sample

    231027-nxq37sfg33

  • MD5

    85d068b9520b8b201825d0323e12efb0

  • SHA1

    7b38e0b0513718631025b2461446a6684270d509

  • SHA256

    bf1b236aecfa2335a1cfcf0f8eb0fac6dffcd3a38af5cab0ad915fd892e3173c

  • SHA512

    185f0ec0c89a0fb848c3dbc7589e3ba7b17da676002f391f36ecb5352a9b25c3a232f719aa0078b689374fd2d28b3393fd1754e174c2adfb20357b59b8b08aee

  • SSDEEP

    12288:3MBAGXnfaIWI8tUsSgmfS4ReK6iM/mt7BmbKZit0gxqIfNOwFx/khlZhT7FIF:8BRaIcUvjfxeK6ib7/ZU00qIf3yhT7FC

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      bf1b236aecfa2335a1cfcf0f8eb0fac6dffcd3a38af5cab0ad915fd892e3173c

    • Size

      1.1MB

    • MD5

      85d068b9520b8b201825d0323e12efb0

    • SHA1

      7b38e0b0513718631025b2461446a6684270d509

    • SHA256

      bf1b236aecfa2335a1cfcf0f8eb0fac6dffcd3a38af5cab0ad915fd892e3173c

    • SHA512

      185f0ec0c89a0fb848c3dbc7589e3ba7b17da676002f391f36ecb5352a9b25c3a232f719aa0078b689374fd2d28b3393fd1754e174c2adfb20357b59b8b08aee

    • SSDEEP

      12288:3MBAGXnfaIWI8tUsSgmfS4ReK6iM/mt7BmbKZit0gxqIfNOwFx/khlZhT7FIF:8BRaIcUvjfxeK6ib7/ZU00qIf3yhT7FC

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks