General
- Target: fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac
- Size: 3.3MB
- Sample: 231012-fxbphsbc83
- MD5: 51c2df4c151377008a867e9936101485
- SHA1: 6ce54dacd601acf26930864baed50cbe76504037
- SHA256: fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac
- SHA512: 9f576d81e66f11db5a7e84a52016ee0fd96c8ccba088a586ffec8dd8788be4e8655df994aa0690297aa41b74237a57ee3f412630199de1dca964fee0d5302f70
- SSDEEP: 98304:N2HKwycIFgnZkcOyqxcQDFUg5CBgwjYNTtnpO:nFgEDcfg5CBgbNT/O
Static task: static1
Behavioral task: behavioral1
- Sample: fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac.exe
- Resource: win7-20230831-en
Behavioral task: behavioral2
- Sample: fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac.exe
- Resource: win10v2004-20230915-en
Malware Config
Targets
- Target: fa0943feb5cc47c89fbbf1a30ba8f196610c6f562741cde6b8b9f0a19f8c74ac
Score: 10/10
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
Signatures:
- Chinese Botnet payload
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext