Overview

overview

10

Static

static

3

098d2e56d2...ef.exe

windows7-x64

10

098d2e56d2...ef.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    098d2e56d29568e907b5df84ca8cd629fb5e24ec1f612b60133dda9063ce8aef

  • Size

    1.7MB

  • Sample

    231114-m1lgfscc74

  • MD5

    3a740fd4be0cf91afb6b24578377831b

  • SHA1

    13672b2c077adab7132243ad5668b790d97542a9

  • SHA256

    098d2e56d29568e907b5df84ca8cd629fb5e24ec1f612b60133dda9063ce8aef

  • SHA512

    b3d9821e2677d9a696548a65ea842b9bac2cec5b616f0162c53c83a1da9bf64beddfe4a46fcb901ba8490d9abe6d02e8cb88c57c8864a91981b27a6ae84de0ae

  • SSDEEP

    12288:2G/0XYg0NtX46rHjOe7Sy5oFUEv6xgIsxITrLSRfWP5x0c:2G8XY5NF4sjP152Ua6dsxI8f05v

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      098d2e56d29568e907b5df84ca8cd629fb5e24ec1f612b60133dda9063ce8aef

    • Size

      1.7MB

    • MD5

      3a740fd4be0cf91afb6b24578377831b

    • SHA1

      13672b2c077adab7132243ad5668b790d97542a9

    • SHA256

      098d2e56d29568e907b5df84ca8cd629fb5e24ec1f612b60133dda9063ce8aef

    • SHA512

      b3d9821e2677d9a696548a65ea842b9bac2cec5b616f0162c53c83a1da9bf64beddfe4a46fcb901ba8490d9abe6d02e8cb88c57c8864a91981b27a6ae84de0ae

    • SSDEEP

      12288:2G/0XYg0NtX46rHjOe7Sy5oFUEv6xgIsxITrLSRfWP5x0c:2G8XY5NF4sjP152Ua6dsxI8f05v

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks