General
Target: file.exe
Size: 1.6MB
Sample: 230116-23zjesfa55
MD5: c326b83a1c289944a918f0dc22f7c003
SHA1: b835f673d18e44631d5e138e8d20243829ae93a7
SHA256: 9af327b367b69a023c5269d7da2f73dbf7cb56580f6ac9a108c4bcb3a622842d
SHA512: 8188fea4ebd3da84a752779a57b43e6f3cc573772dc305aff3f7173e7fc6c5be8f3f9629ab609a89603ee9ef5b27e31f79615f10dcecacb150866986cc6b3975
SSDEEP: 24576:lnsJ39LyjbJkQFMhmC+6GD9BkzIs5pR9sgyRpYmGmYnUOPiWGIkq:lnsHyjtk2MYC5GDyiei+oId
Static task: static1
Behavioral task: behavioral1 (Sample: file.exe, Resource: win7-20221111-en)
Behavioral task: behavioral2 (Sample: file.exe, Resource: win10v2004-20220901-en)
Malware Config
Targets
Target: file.exe
Size: 1.6MB
Score: 10/10
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
- Chinese Botnet payload
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger