Overview

overview

10

Static

static

3

db3634519c...08.exe

windows7-x64

10

db3634519c...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db3634519c2d504f67f0ac5518d4c208

  • Size

    312KB

  • Sample

    240321-ksd2asfg87

  • MD5

    db3634519c2d504f67f0ac5518d4c208

  • SHA1

    752eaa1a95d1179ac825119d27c006ddeda41d6b

  • SHA256

    69d7973f1002d543c7e1935b95a4493ec29d0c21d3dc5e50d2f477868a914f70

  • SHA512

    3cca550e3fc9360f97b04c64172daface1e2a5f2b6508fc141f15214bf9e668a88e81ed487b40d926a944e0c71d35f2f97fb2066a66dfb4dab2f264410b6d751

  • SSDEEP

    6144:JEeHlmxEW0qLFWfs/ZnGWvAljyyqI7rRgdixjTwa/RxJg:JTgTZWk/oWvARy9oRxHY

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      db3634519c2d504f67f0ac5518d4c208

    • Size

      312KB

    • MD5

      db3634519c2d504f67f0ac5518d4c208

    • SHA1

      752eaa1a95d1179ac825119d27c006ddeda41d6b

    • SHA256

      69d7973f1002d543c7e1935b95a4493ec29d0c21d3dc5e50d2f477868a914f70

    • SHA512

      3cca550e3fc9360f97b04c64172daface1e2a5f2b6508fc141f15214bf9e668a88e81ed487b40d926a944e0c71d35f2f97fb2066a66dfb4dab2f264410b6d751

    • SSDEEP

      6144:JEeHlmxEW0qLFWfs/ZnGWvAljyyqI7rRgdixjTwa/RxJg:JTgTZWk/oWvARy9oRxHY

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks