chinese_generic_botnet | 78d584b482cc097815d1beae4043a6533192670bd5214f3e920907326fe64ae6 | Triage

Sharing

General

Target

544f8dfee031d02135551937f709db68_JaffaCakes118
Size

536KB
Sample

240331-pmn2jabc7x
MD5

544f8dfee031d02135551937f709db68
SHA1

ed82e2e0bbd8a1efeb430dd625e120447bcf1a45
SHA256

78d584b482cc097815d1beae4043a6533192670bd5214f3e920907326fe64ae6
SHA512

03500354c8c3d4e4698c659f0a15db75d45586d9253ecd4ffcc0e4b53de11c97d3750217198f95b760093524c893b8ec7cba0fb472189c3239a3c87f2dfca6cf
SSDEEP

6144:0nlQpnkPAfVUCaJBr7kaCLfepSyRntuoJF:0nlQpkPAfiCaJBr2yptp

Score

10^/10

chinese_generic_botnet botnet persistence

Malware Config

Targets

- Target
  
  544f8dfee031d02135551937f709db68_JaffaCakes118
- Size
  
  536KB
- MD5
  
  544f8dfee031d02135551937f709db68
- SHA1
  
  ed82e2e0bbd8a1efeb430dd625e120447bcf1a45
- SHA256
  
  78d584b482cc097815d1beae4043a6533192670bd5214f3e920907326fe64ae6
- SHA512
  
  03500354c8c3d4e4698c659f0a15db75d45586d9253ecd4ffcc0e4b53de11c97d3750217198f95b760093524c893b8ec7cba0fb472189c3239a3c87f2dfca6cf
- SSDEEP
  
  6144:0nlQpnkPAfVUCaJBr7kaCLfepSyRntuoJF:0nlQpkPAfiCaJBr2yptp
Score

10^/10

chinese_generic_botnet botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnetpersistence

behavioral2

chinese_generic_botnetbotnetpersistence