General
- Target: 98b80e7fed4b3492ca1fb4e44fc8b239739e66679a92e27d9a37a1968b9d1c4c
- Size: 4.1MB
- Sample: 231125-2x9r7sdf7z
- MD5: 38ba300995f10a2fc95bdf4428ca6405
- SHA1: 2a03a9350c7ec86b66ea48042a7e61c88a3db7eb
- SHA256: 98b80e7fed4b3492ca1fb4e44fc8b239739e66679a92e27d9a37a1968b9d1c4c
- SHA512: 7c08878434aa53ae269e5a4e98111e5f2e4f477e9d1ae719df3ca13f32f64aa3b3ccadbad008282309d116452e5e4b39018d4e5802daf26e5d50cc1083a97de2
- SSDEEP: 49152:d9utIMHSlVNEPS5B8riKy3hEPLna+NiW56wCpVHJNt/Mn+s8KuqGaX0ToIBAUZL1:7jMS5+riKyePLVNP6THJvJBAUZLjh
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 98b80e7fed4b3492ca1fb4e44fc8b239739e66679a92e27d9a37a1968b9d1c4c.exe
  - Resource: win7-20231020-en

Behavioral task
- behavioral2
  - Sample: 98b80e7fed4b3492ca1fb4e44fc8b239739e66679a92e27d9a37a1968b9d1c4c.exe
  - Resource: win10v2004-20231025-en
Malware Config

Targets
- Target: 98b80e7fed4b3492ca1fb4e44fc8b239739e66679a92e27d9a37a1968b9d1c4c (size and hashes identical to the General section above)
- Score: 10/10

Detections
- Generic Chinese Botnet: a botnet originating from China that currently has no public name.
- Chinese Botnet payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory