chinese_generic_botnet | 66efd841fe3f48cba194688551284c8b7b775d8dd7401b813fd879bf7b366e7f | Triage

Submit
Reports

Overview

overview

Static

static

3

2024-09-14...id.exe

windows7-x64

2024-09-14...id.exe

windows10-2004-x64

7

Sharing

General

Target

2024-09-14_431c75b491aa7535b92c5d9c00e23675_icedid
Size

2.0MB
Sample

240914-19t2vazdqn
MD5

431c75b491aa7535b92c5d9c00e23675
SHA1

08f45830bc988aa234db210881c3e6a10c92cd5a
SHA256

66efd841fe3f48cba194688551284c8b7b775d8dd7401b813fd879bf7b366e7f
SHA512

6b0c1c9b8fb53261cd400a304c8d01bd0980186f26e9ec6215d7b87eeb1199321a8d3043757ec31047d72c05c656f2c3b27cce6d6e0acc95ea3ed9023d0c023e
SSDEEP

49152:6X4uXjo0Zdx+3M7TF5D2n+H5cOoUao+vib4rMw:e4uTo0Zdxzs9Oobo+q8Mw

Score

10^/10

chinese_generic_botnet botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2024-09-14_431c75b491aa7535b92c5d9c00e23675_icedid.exe

Resource

win7-20240903-en

chinese_generic_botnet botnet discovery

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-09-14_431c75b491aa7535b92c5d9c00e23675_icedid.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-09-14_431c75b491aa7535b92c5d9c00e23675_icedid
- Size
  
  2.0MB
- MD5
  
  431c75b491aa7535b92c5d9c00e23675
- SHA1
  
  08f45830bc988aa234db210881c3e6a10c92cd5a
- SHA256
  
  66efd841fe3f48cba194688551284c8b7b775d8dd7401b813fd879bf7b366e7f
- SHA512
  
  6b0c1c9b8fb53261cd400a304c8d01bd0980186f26e9ec6215d7b87eeb1199321a8d3043757ec31047d72c05c656f2c3b27cce6d6e0acc95ea3ed9023d0c023e
- SSDEEP
  
  49152:6X4uXjo0Zdx+3M7TF5D2n+H5cOoUao+vib4rMw:e4uTo0Zdxzs9Oobo+q8Mw
Score

10^/10

chinese_generic_botnet botnet discovery
- Generic Chinese Botnet
  A botnet originating from China which is currently unnamed publicly.
  botnet chinese_generic_botnet
- Chinese Botnet payload
  botnet
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

chinese_generic_botnetbotnetdiscovery

behavioral2

© 2018-2024

Terms | Privacy