chinese_generic_botnet | 3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d | Triage

Submit
Reports

Overview

overview

Static

static

3fee7f944d...3d.exe

windows7-x64

3fee7f944d...3d.exe

windows10-2004-x64

Sharing

General

Target

3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d
Size

573KB
Sample

240503-zsdg4ahh53
MD5

4de52afe5be73651d8121a799cc08b59
SHA1

1e269edfab7f8f84a8f212b2288a0f13aa499af8
SHA256

3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d
SHA512

13a166155992729037a6a8058bd267481013cdb9f768537568e954ccf142e31880b4e59f2cfba9da1420c42d8c2aa6edd0ff90194848db3c713d898c8b16922d
SSDEEP

12288:nsaY8rigT27rMf3hGrBvelimccunSH2JGhfZ+1hmohdTyeTqy:B/rxT28EvelFfunSH2wxZ+9hFT/

Score

10^/10

chinese_generic_botnet botnet persistence upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d.exe

Resource

win7-20240221-en

chinese_generic_botnet botnet upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d.exe

Resource

win10v2004-20240419-en

chinese_generic_botnet botnet persistence upx

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d
- Size
  
  573KB
- MD5
  
  4de52afe5be73651d8121a799cc08b59
- SHA1
  
  1e269edfab7f8f84a8f212b2288a0f13aa499af8
- SHA256
  
  3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d
- SHA512
  
  13a166155992729037a6a8058bd267481013cdb9f768537568e954ccf142e31880b4e59f2cfba9da1420c42d8c2aa6edd0ff90194848db3c713d898c8b16922d
- SSDEEP
  
  12288:nsaY8rigT27rMf3hGrBvelimccunSH2JGhfZ+1hmohdTyeTqy:B/rxT28EvelFfunSH2wxZ+9hFT/
Score

10^/10

chinese_generic_botnet botnet upx persistence
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- UPX dump on OEP (original entry point)
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

chinese_generic_botnetbotnetupx

behavioral2

chinese_generic_botnetbotnetpersistenceupx

© 2018-2024

Terms | Privacy