General
-
Target
a5dce61c3ff74b85a8b9c0e0c85ab3fc7f9abfb0b193c3143350fd0465af368b
-
Size
356KB
-
Sample
231101-kgdldsfh78
-
MD5
94d9c90d061ebd0ab7381acbd76557e9
-
SHA1
b83d3825315e838b6c3f043eea70619ff481fb41
-
SHA256
a5dce61c3ff74b85a8b9c0e0c85ab3fc7f9abfb0b193c3143350fd0465af368b
-
SHA512
1de65f56b1c4ad7ea394711b7d1ed83f57584acab1f3dbe104b40815af1237fd9b69e4d40f103b60df42afbda32c514f6f16fa9560158630308ab9ab4152b6b5
-
SSDEEP
3072:jAAdrtr5NutIdzQnT81FQoSE0iHjbRhyxKugK34b8HB/ojT7Eik:hZ5NugPQoSE0iHjbRIxKugK34GB/ojTS
Malware Config
Targets
-
-
Target
a5dce61c3ff74b85a8b9c0e0c85ab3fc7f9abfb0b193c3143350fd0465af368b
-
Size
356KB
-
MD5
94d9c90d061ebd0ab7381acbd76557e9
-
SHA1
b83d3825315e838b6c3f043eea70619ff481fb41
-
SHA256
a5dce61c3ff74b85a8b9c0e0c85ab3fc7f9abfb0b193c3143350fd0465af368b
-
SHA512
1de65f56b1c4ad7ea394711b7d1ed83f57584acab1f3dbe104b40815af1237fd9b69e4d40f103b60df42afbda32c514f6f16fa9560158630308ab9ab4152b6b5
-
SSDEEP
3072:jAAdrtr5NutIdzQnT81FQoSE0iHjbRhyxKugK34b8HB/ojT7Eik:hZ5NugPQoSE0iHjbRIxKugK34GB/ojTS
Score10/10-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload
-
Executes dropped EXE
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-