General

  • Target

    3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d

  • Size

    573KB

  • Sample

    240503-zsdg4ahh53

  • MD5

    4de52afe5be73651d8121a799cc08b59

  • SHA1

    1e269edfab7f8f84a8f212b2288a0f13aa499af8

  • SHA256

    3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d

  • SHA512

    13a166155992729037a6a8058bd267481013cdb9f768537568e954ccf142e31880b4e59f2cfba9da1420c42d8c2aa6edd0ff90194848db3c713d898c8b16922d

  • SSDEEP

    12288:nsaY8rigT27rMf3hGrBvelimccunSH2JGhfZ+1hmohdTyeTqy:B/rxT28EvelFfunSH2wxZ+9hFT/

Malware Config

Targets

    • Target

      3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d

    • Size

      573KB

    • MD5

      4de52afe5be73651d8121a799cc08b59

    • SHA1

      1e269edfab7f8f84a8f212b2288a0f13aa499af8

    • SHA256

      3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d

    • SHA512

      13a166155992729037a6a8058bd267481013cdb9f768537568e954ccf142e31880b4e59f2cfba9da1420c42d8c2aa6edd0ff90194848db3c713d898c8b16922d

    • SSDEEP

      12288:nsaY8rigT27rMf3hGrBvelimccunSH2JGhfZ+1hmohdTyeTqy:B/rxT28EvelFfunSH2wxZ+9hFT/

    • Generic Chinese Botnet

      A botnet originating from China which is currently unnamed publicly.

    • Chinese Botnet payload

    • UPX dump on OEP (original entry point)

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks