General
-
Target
tmp
-
Size
1.1MB
-
Sample
230817-sltr6sab54
-
MD5
700fc96585a4947fcdf27a271d40876f
-
SHA1
121edbdefb9a894ff217f20c963626ec1bd94770
-
SHA256
65a0ece86fe16402e51a637d121bddccfa0d1d026bd0cec7f7ead19c31507eaa
-
SHA512
748d5fd5421bdb51421dc9a33c2a4ca93a66d1afcdeb03a766513b81e05a337e52ad3fdacb852e8e037e7dfffdb3e6cfec3fe376d885a8c8b8da5188cd4c032e
-
SSDEEP
12288:VMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9FC9/W74Vf:VnsJ39LyjbJkQFMhmC+6GD9mW7S
Malware Config
Targets
-
-
Target
tmp
-
Size
1.1MB
-
MD5
700fc96585a4947fcdf27a271d40876f
-
SHA1
121edbdefb9a894ff217f20c963626ec1bd94770
-
SHA256
65a0ece86fe16402e51a637d121bddccfa0d1d026bd0cec7f7ead19c31507eaa
-
SHA512
748d5fd5421bdb51421dc9a33c2a4ca93a66d1afcdeb03a766513b81e05a337e52ad3fdacb852e8e037e7dfffdb3e6cfec3fe376d885a8c8b8da5188cd4c032e
-
SSDEEP
12288:VMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9FC9/W74Vf:VnsJ39LyjbJkQFMhmC+6GD9mW7S
Score10/10-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-