General
-
Target
1d0e642944902e1e597158a6029e56ccc7fd2877ec27aec420ff81b20c1fd180
-
Size
362KB
-
Sample
221223-d9cq8sah41
-
MD5
99be0e637186d469b647525e9275ccfc
-
SHA1
83a797037fd4c10f1248387395cc039aa9f3c71b
-
SHA256
1d0e642944902e1e597158a6029e56ccc7fd2877ec27aec420ff81b20c1fd180
-
SHA512
1477f8db399c74174379ff881f6dcd9148bf57ff29839c466259d4c17235254e66cfd0410e5d0d79304a1a4f8352910d64a4f1446f7ed9cd5ceccd285ed265d5
-
SSDEEP
3072:N8jSZi34eTzl5KV2GenT0cTtm2LAQSXVqjzpYfJhrI:quZ5eg2GenQ67wk3pyJhrI
Malware Config
Targets
-
-
Target
1d0e642944902e1e597158a6029e56ccc7fd2877ec27aec420ff81b20c1fd180
-
Size
362KB
-
MD5
99be0e637186d469b647525e9275ccfc
-
SHA1
83a797037fd4c10f1248387395cc039aa9f3c71b
-
SHA256
1d0e642944902e1e597158a6029e56ccc7fd2877ec27aec420ff81b20c1fd180
-
SHA512
1477f8db399c74174379ff881f6dcd9148bf57ff29839c466259d4c17235254e66cfd0410e5d0d79304a1a4f8352910d64a4f1446f7ed9cd5ceccd285ed265d5
-
SSDEEP
3072:N8jSZi34eTzl5KV2GenT0cTtm2LAQSXVqjzpYfJhrI:quZ5eg2GenQ67wk3pyJhrI
Score10/10-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-