General

  • Target

    16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61

  • Size

    1.2MB

  • Sample

    240315-lzndzsde5x

  • MD5

    9e5fde8bba8671999281f6b5b4de26b2

  • SHA1

    da1b174b943a5712c652a6543be848628cbd4de4

  • SHA256

    16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61

  • SHA512

    1633ef0b446bf569dc8cf15266aecc108cb2e81975e1ff5bab37fa2beec97afc2068a14a70491ceb998ffed226b969166649a03e025a4e069ed35f6969371b81

  • SSDEEP

    24576:QshXD6/mnBX0baKc1uqz6wwlFGaT0SiZRZocISDNAmZ:7tZ0N1quvv43ZorSD7

Malware Config

Targets

    • Target

      16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61


    • Generic Chinese Botnet

      A botnet originating from China that has not yet been publicly named.

    • Chinese Botnet payload

    • Executes dropped EXE

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks