chinese_generic_botnet | aef63b35e5a7b886462dcdc7549f1ac0dfac208102d5dd1b12c23f52a6e53874

General

Target

aef63b35e5a7b886462dcdc7549f1ac0dfac208102d5dd1b12c23f52a6e53874
Size

564KB
Sample

240106-rytghaadam
MD5

7cc28064f9d8829bd1e0ed93e01513b6
SHA1

05c3cfb3e8145b384e07e0080802180b8fd079c2
SHA256

aef63b35e5a7b886462dcdc7549f1ac0dfac208102d5dd1b12c23f52a6e53874
SHA512

a8da0db1c9af3fa8ad3a21beddc13a69ba099c2e03370d30bab27076de2a8c097c77d72728afc8d967a95196dc8db44da2ddb32d66bc4489f81c873039108c61
SSDEEP

3072:tHMIeSFXAJZJnYC8rgIzVL2UzuvnMB/N23ooBujtk1wLpsUMEMuKi7U+FTlHHyo:eCQJZJt8kIJL2cxM7gpsUMLS7U6ln

Score

10^/10

Malware Config

Targets

- Target
  
  aef63b35e5a7b886462dcdc7549f1ac0dfac208102d5dd1b12c23f52a6e53874
- Size
  
  564KB
- MD5
  
  7cc28064f9d8829bd1e0ed93e01513b6
- SHA1
  
  05c3cfb3e8145b384e07e0080802180b8fd079c2
- SHA256
  
  aef63b35e5a7b886462dcdc7549f1ac0dfac208102d5dd1b12c23f52a6e53874
- SHA512
  
  a8da0db1c9af3fa8ad3a21beddc13a69ba099c2e03370d30bab27076de2a8c097c77d72728afc8d967a95196dc8db44da2ddb32d66bc4489f81c873039108c61
- SSDEEP
  
  3072:tHMIeSFXAJZJnYC8rgIzVL2UzuvnMB/N23ooBujtk1wLpsUMEMuKi7U+FTlHHyo:eCQJZJt8kIJL2cxM7gpsUMLS7U6ln
Score

10^/10

chinese_generic_botnet gh0strat botnet rat upx
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Gh0st RAT payload
- Gh0strat
  Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
  rat gh0strat
- Chinese Botnet payload
  botnet
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Generic Chinese Botnet

Gh0st RAT payload

Gh0strat

Chinese Botnet payload

UPX packed file

Enumerates connected drives

Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2