General
-
Target
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61
-
Size
976KB
-
Sample
221016-eqpgcsghb2
-
MD5
960e271e42a03c8398952411d604effe
-
SHA1
0edbd4619b2971182567877b6c05033a7782f0e5
-
SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61
-
SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d
-
SSDEEP
6144:rYC/9GCx9syJZHZ6u8YUphxWHlygHR4f87Re7QeUC5Uxe9siOinsB8g+9:rY6GCxLZj8YUphxWHUgHeCRe7Vbf
Malware Config
Targets
-
-
Target
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61
-
Size
976KB
-
MD5
960e271e42a03c8398952411d604effe
-
SHA1
0edbd4619b2971182567877b6c05033a7782f0e5
-
SHA256
5bfd4c0a1a312e001c0aad5bd7a15bfb815d91461ebe15c813723c3b9f380e61
-
SHA512
e5c604eacdd8d9f2d75a09ac61d498780cdeb25764c9dfbf7249bbf130563be670575cd6746c00f246d04a81b54865ff8fe2a6b1c5ca6c7ba2ab5dd7102dc30d
-
SSDEEP
6144:rYC/9GCx9syJZHZ6u8YUphxWHlygHR4f87Re7QeUC5Uxe9siOinsB8g+9:rY6GCxLZj8YUphxWHUgHeCRe7Vbf
Score10/10-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-