General
-
Target
a627a73021490099e2d0e9be6876ccb567cf257d58779b594293735f1a70504b
-
Size
852KB
-
Sample
240327-xvcx8sab65
-
MD5
48e50c476ac44045bab00373c7b9cb3c
-
SHA1
20581f2bd62cd81bff10f97517b709fb52ce7546
-
SHA256
a627a73021490099e2d0e9be6876ccb567cf257d58779b594293735f1a70504b
-
SHA512
6d0ce37a48ad6c6290bc017712a0bcaa42641157a44ea6cdba356e52a2dd5096798767522231e4482ce9abb734ebc9b8dedef28f902b374bebf5e8df95f8ffbc
-
SSDEEP
12288:3fgfpqoXPZrK0nox2DC1AQPtxOPwgu8Ra+9D57sJm4ghxmUhPJIcmsIa/tu6pIKz:IBqoXBZCFb2aWYQffhPJIcm2udKz
Malware Config
Targets
-
-
Target
a627a73021490099e2d0e9be6876ccb567cf257d58779b594293735f1a70504b
-
Size
852KB
-
MD5
48e50c476ac44045bab00373c7b9cb3c
-
SHA1
20581f2bd62cd81bff10f97517b709fb52ce7546
-
SHA256
a627a73021490099e2d0e9be6876ccb567cf257d58779b594293735f1a70504b
-
SHA512
6d0ce37a48ad6c6290bc017712a0bcaa42641157a44ea6cdba356e52a2dd5096798767522231e4482ce9abb734ebc9b8dedef28f902b374bebf5e8df95f8ffbc
-
SSDEEP
12288:3fgfpqoXPZrK0nox2DC1AQPtxOPwgu8Ra+9D57sJm4ghxmUhPJIcmsIa/tu6pIKz:IBqoXBZCFb2aWYQffhPJIcm2udKz
Score10/10-
Generic Chinese Botnet
A botnet originating from China which is currently unnamed publicly.
-
Chinese Botnet payload
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-