General

  • Target

    tmp

  • Size

    3.3MB

  • Sample

    240420-wfzysaee2v

  • MD5

    d6c0cf36d24f9c78d3e9c62c1ab10d7a

  • SHA1

    40aef92c854049c716038a8ab79758d9d579b90d

  • SHA256

    cc13d8ef2716a7653e04f1ee11a9be519897982cd83ae95559cb08513ed21c7e

  • SHA512

    16b6b134417c3e9f067c2a1e8205067a2a9fac2b4d6342e2da7c8a90d8dcf4fff07ad39ade8e8b007a6a019419a58a733bb722463a472677f472380cf1b8a2bd

  • SSDEEP

    98304:e4uTo0ZdxryDXakEfkslniBGT93rAS1Up0:e4eNeGTfksliBc933G+

Malware Config

Targets

    • Target

      tmp

    • Size

      3.3MB

    • MD5

      d6c0cf36d24f9c78d3e9c62c1ab10d7a

    • SHA1

      40aef92c854049c716038a8ab79758d9d579b90d

    • SHA256

      cc13d8ef2716a7653e04f1ee11a9be519897982cd83ae95559cb08513ed21c7e

    • SHA512

      16b6b134417c3e9f067c2a1e8205067a2a9fac2b4d6342e2da7c8a90d8dcf4fff07ad39ade8e8b007a6a019419a58a733bb722463a472677f472380cf1b8a2bd

    • SSDEEP

      98304:e4uTo0ZdxryDXakEfkslniBGT93rAS1Up0:e4eNeGTfksliBc933G+

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

    • Chinese Botnet payload

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks