General

Target: 16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61
Size: 1.2MB
Sample: 240315-lzndzsde5x
MD5: 9e5fde8bba8671999281f6b5b4de26b2
SHA1: da1b174b943a5712c652a6543be848628cbd4de4
SHA256: 16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61
SHA512: 1633ef0b446bf569dc8cf15266aecc108cb2e81975e1ff5bab37fa2beec97afc2068a14a70491ceb998ffed226b969166649a03e025a4e069ed35f6969371b81
SSDEEP: 24576:QshXD6/mnBX0baKc1uqz6wwlFGaT0SiZRZocISDNAmZ:7tZ0N1quvv43ZorSD7
Static task: static1

Behavioral task: behavioral1
Sample: 16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: 16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61.exe
Resource: win10v2004-20231215-en
Malware Config

Targets

Target: 16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61
Size: 1.2MB
MD5: 9e5fde8bba8671999281f6b5b4de26b2
SHA1: da1b174b943a5712c652a6543be848628cbd4de4
SHA256: 16bc54ea483fe14fe6b8a3d767f8754eb2cd02505fd21ee1834e6d8e13beee61
SHA512: 1633ef0b446bf569dc8cf15266aecc108cb2e81975e1ff5bab37fa2beec97afc2068a14a70491ceb998ffed226b969166649a03e025a4e069ed35f6969371b81
SSDEEP: 24576:QshXD6/mnBX0baKc1uqz6wwlFGaT0SiZRZocISDNAmZ:7tZ0N1quvv43ZorSD7
Score: 10/10
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.

Signatures:
- Chinese Botnet payload
- Executes dropped EXE
- Adds Run key to start application
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger