chinese_generic_botnet | e42d735a519713d88832f38132c7089e9380fa4b8dad0b22ffa83d30c66d1198 | Triage

Sharing

General

Target

e42d735a519713d88832f38132c7089e9380fa4b8dad0b22ffa83d30c66d1198
Size

3.3MB
Sample

240407-l2vk3saf98
MD5

dc1fab2c3e39297e8973d4154b33ef8e
SHA1

cf30c2d4bdf8f24a0023c373370907bef2d5d057
SHA256

e42d735a519713d88832f38132c7089e9380fa4b8dad0b22ffa83d30c66d1198
SHA512

86431dcf629d5461be807ca50e2b84addc3e3705cc4e1e15fa71713bc97ced1900142f4ad7a24304fcaefdd76c767870daeb195eb453d5ce2876db0c3c178089
SSDEEP

49152:t/Nsxi03zDWi26fs2cWDAbcl7jkv4+9Ry4kjCz:t/NsT0uDhEv4n4M

Score

10^/10

chinese_generic_botnet botnet persistence

Malware Config

Targets

- Target
  
  e42d735a519713d88832f38132c7089e9380fa4b8dad0b22ffa83d30c66d1198
- Size
  
  3.3MB
- MD5
  
  dc1fab2c3e39297e8973d4154b33ef8e
- SHA1
  
  cf30c2d4bdf8f24a0023c373370907bef2d5d057
- SHA256
  
  e42d735a519713d88832f38132c7089e9380fa4b8dad0b22ffa83d30c66d1198
- SHA512
  
  86431dcf629d5461be807ca50e2b84addc3e3705cc4e1e15fa71713bc97ced1900142f4ad7a24304fcaefdd76c767870daeb195eb453d5ce2876db0c3c178089
- SSDEEP
  
  49152:t/Nsxi03zDWi26fs2cWDAbcl7jkv4+9Ry4kjCz:t/NsT0uDhEv4n4M
Score

10^/10

chinese_generic_botnet botnet persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

chinese_generic_botnetbotnet

behavioral2

chinese_generic_botnetbotnetpersistence