Overview

overview

10

Static

static

3

544f8dfee0...18.dll

windows7-x64

10

544f8dfee0...18.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    544f8dfee031d02135551937f709db68_JaffaCakes118

  • Size

    536KB

  • Sample

    240331-pmn2jabc7x

  • MD5

    544f8dfee031d02135551937f709db68

  • SHA1

    ed82e2e0bbd8a1efeb430dd625e120447bcf1a45

  • SHA256

    78d584b482cc097815d1beae4043a6533192670bd5214f3e920907326fe64ae6

  • SHA512

    03500354c8c3d4e4698c659f0a15db75d45586d9253ecd4ffcc0e4b53de11c97d3750217198f95b760093524c893b8ec7cba0fb472189c3239a3c87f2dfca6cf

  • SSDEEP

    6144:0nlQpnkPAfVUCaJBr7kaCLfepSyRntuoJF:0nlQpkPAfiCaJBr2yptp

Score
10/10
chinese_generic_botnetbotnetpersistence

Malware Config

Targets

    • Target

      544f8dfee031d02135551937f709db68_JaffaCakes118

    • Size

      536KB

    • MD5

      544f8dfee031d02135551937f709db68

    • SHA1

      ed82e2e0bbd8a1efeb430dd625e120447bcf1a45

    • SHA256

      78d584b482cc097815d1beae4043a6533192670bd5214f3e920907326fe64ae6

    • SHA512

      03500354c8c3d4e4698c659f0a15db75d45586d9253ecd4ffcc0e4b53de11c97d3750217198f95b760093524c893b8ec7cba0fb472189c3239a3c87f2dfca6cf

    • SSDEEP

      6144:0nlQpnkPAfVUCaJBr7kaCLfepSyRntuoJF:0nlQpkPAfiCaJBr2yptp

    Score
    10/10
    chinese_generic_botnetbotnetpersistence

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

      botnetchinese_generic_botnet

    • Chinese Botnet payload

      botnet

    • Blocklisted process makes network request

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks