General
-
Target
tmp
-
Size
4.4MB
-
Sample
220317-eykhdahffp
-
MD5
549a8bb3b1c7ba1212b0bcd5d52ac483
-
SHA1
3be0de1d50a3a155e8c110538863c2858276745d
-
SHA256
ac13d53f8bdc2b3792eb241b7b112c528292c47cd35ad317cf413cdace03251e
-
SHA512
098818e5576682b21fb755d18d59585505815a257e3081dd3cabd1711c39f15f437bf69c376cfb1433118be86a7bc6931cde3226e3b6168bf91231588bb5ced7
Malware Config
Targets
-
-
Target
tmp
-
Size
4.4MB
-
MD5
549a8bb3b1c7ba1212b0bcd5d52ac483
-
SHA1
3be0de1d50a3a155e8c110538863c2858276745d
-
SHA256
ac13d53f8bdc2b3792eb241b7b112c528292c47cd35ad317cf413cdace03251e
-
SHA512
098818e5576682b21fb755d18d59585505815a257e3081dd3cabd1711c39f15f437bf69c376cfb1433118be86a7bc6931cde3226e3b6168bf91231588bb5ced7
Score10/10-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
suricata: ET MALWARE Possible Malicious Macro DL EXE Feb 2016
-
Chinese Botnet Payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Drops file in System32 directory
-