chinese_generic_botnet | a63c167748663147e6cd4121290365a5f157c71f5860140b0660c593c09cae05 | Triage

Submit
Reports

Overview

overview

Static

static

7

a63c167748...05.exe

windows7-x64

a63c167748...05.exe

windows10-2004-x64

Sharing

General

Target

a63c167748663147e6cd4121290365a5f157c71f5860140b0660c593c09cae05
Size

468KB
Sample

240326-tgc5asgg51
MD5

a34d6327f5e271b2a9160d95c31c3079
SHA1

dfb679c8136695f374c31901df459e1ff04b611f
SHA256

a63c167748663147e6cd4121290365a5f157c71f5860140b0660c593c09cae05
SHA512

644dce5494a540ae55fd71f6d39e628b69bc4f9248c1e1bf4be7051dae9de62207ca4fff93abf20129f9e1546e94cb430c8b1a1b514f732cfec481cb1c5bcfd9
SSDEEP

3072:GyfZbD3v5+6eRod1kPgGZmKa95wVo06OmRqIzEke+O:JfZ3vEaLWpmr95wS1OIFA

Score

10^/10

chinese_generic_botnet aspackv2 botnet persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a63c167748663147e6cd4121290365a5f157c71f5860140b0660c593c09cae05.exe

Resource

win7-20240221-en

chinese_generic_botnet aspackv2 botnet

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

a63c167748663147e6cd4121290365a5f157c71f5860140b0660c593c09cae05.exe

Resource

win10v2004-20240226-en

chinese_generic_botnet botnet persistence

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  a63c167748663147e6cd4121290365a5f157c71f5860140b0660c593c09cae05
- Size
  
  468KB
- MD5
  
  a34d6327f5e271b2a9160d95c31c3079
- SHA1
  
  dfb679c8136695f374c31901df459e1ff04b611f
- SHA256
  
  a63c167748663147e6cd4121290365a5f157c71f5860140b0660c593c09cae05
- SHA512
  
  644dce5494a540ae55fd71f6d39e628b69bc4f9248c1e1bf4be7051dae9de62207ca4fff93abf20129f9e1546e94cb430c8b1a1b514f732cfec481cb1c5bcfd9
- SSDEEP
  
  3072:GyfZbD3v5+6eRod1kPgGZmKa95wVo06OmRqIzEke+O:JfZ3vEaLWpmr95wS1OIFA
Score

10^/10

chinese_generic_botnet aspackv2 botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- ASPack v2.12-2.42
  Detects executables packed with ASPack v2.12-2.42
  aspackv2
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

chinese_generic_botnetaspackv2botnet

behavioral2

chinese_generic_botnetbotnetpersistence

© 2018-2024

Terms | Privacy