General
- Target: 729fb16b88e394573f29f4acf74aa8ee5b0d60d9cf554cc08b49b99fe04a7877
- Size: 1.2MB
- Sample: 240313-gssmxaee2w
- MD5: 6c4f64ca5da9439c99555135ec273d29
- SHA1: 873e50b6c7546919dac7997c009fab3b70e0d62a
- SHA256: 729fb16b88e394573f29f4acf74aa8ee5b0d60d9cf554cc08b49b99fe04a7877
- SHA512: 026638a1b3550ff733ee9224f98d65e16d871826846873fc053c322f4c86e7f5881f5fac2047d0ef1ccfa7579d2564650a5108583d7576c6bcc817e472d2bde4
- SSDEEP: 24576:fXfARNLXDFariuNmW1UIw9Bco9t6uVpXFfhUdEM9lVNgUK:3sDFarpd13CNhXbnM9lV6/
Static task
- static1

Behavioral task
- behavioral1
  Sample: 729fb16b88e394573f29f4acf74aa8ee5b0d60d9cf554cc08b49b99fe04a7877.exe
  Resource: win7-20240220-en

Behavioral task
- behavioral2
  Sample: 729fb16b88e394573f29f4acf74aa8ee5b0d60d9cf554cc08b49b99fe04a7877.exe
  Resource: win10v2004-20240226-en
Malware Config
Targets
- Target: 729fb16b88e394573f29f4acf74aa8ee5b0d60d9cf554cc08b49b99fe04a7877 (same file and hashes as listed under General)
- Score: 10/10
- Generic Chinese Botnet: A botnet originating from China which is currently unnamed publicly.
- Chinese Botnet payload
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger