General
-
Target
Server_se.exe
-
Size
1.3MB
-
Sample
220818-q7jszsfcfj
-
MD5
568563501bedc44175d2218a59a43a02
-
SHA1
8589da7010602a88a1caaa7e07382a1c1b35a453
-
SHA256
31fc16d69939d4b8b18df3d0781b38aedfb4520ad14befa70d64d4f72e27bee6
-
SHA512
7c81452c5a892e789d5bb41df5ea3b9a18ecb8b4b3289f42fb791a21155a34a628a5dff1fbee41325aee11d0e9bfc25630d7f20c9b3ec6a90aed2df10de421fb
-
SSDEEP
24576:4VhELLwx8M7zzzJNQ5rk6QJJshNc7zwZdeYD6i7wvNeQjo95HoFN6WtljaEy9TM:4VhaIzBNur8JshKIZAYPmJjo95HoFN68
Malware Config
Targets
-
-
Target
Server_se.exe
-
Size
1.3MB
-
MD5
568563501bedc44175d2218a59a43a02
-
SHA1
8589da7010602a88a1caaa7e07382a1c1b35a453
-
SHA256
31fc16d69939d4b8b18df3d0781b38aedfb4520ad14befa70d64d4f72e27bee6
-
SHA512
7c81452c5a892e789d5bb41df5ea3b9a18ecb8b4b3289f42fb791a21155a34a628a5dff1fbee41325aee11d0e9bfc25630d7f20c9b3ec6a90aed2df10de421fb
-
SSDEEP
24576:4VhELLwx8M7zzzJNQ5rk6QJJshNc7zwZdeYD6i7wvNeQjo95HoFN6WtljaEy9TM:4VhaIzBNur8JshKIZAYPmJjo95HoFN68
Score10/10-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-