General
Target: 3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d
Size: 573KB
Sample: 240503-zsdg4ahh53
MD5: 4de52afe5be73651d8121a799cc08b59
SHA1: 1e269edfab7f8f84a8f212b2288a0f13aa499af8
SHA256: 3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d
SHA512: 13a166155992729037a6a8058bd267481013cdb9f768537568e954ccf142e31880b4e59f2cfba9da1420c42d8c2aa6edd0ff90194848db3c713d898c8b16922d
SSDEEP: 12288:nsaY8rigT27rMf3hGrBvelimccunSH2JGhfZ+1hmohdTyeTqy:B/rxT28EvelFfunSH2wxZ+9hFT/
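Added example, not part of the sandbox report: a small Python static-triage helper that computes the four hashes listed above for a file and reads the PE section table to flag UPX packing, which is the condition the "UPX dump on OEP" signature in the behavioral results below presupposes. Run on the original sample it should reproduce the MD5/SHA1/SHA256/SHA512 above; the sample bytes are not on this page, so the block instead builds a constructed, non-executable PE image carrying the section names stock UPX writes (`UPX0`, `UPX1`). The `UPX!` marker and those section names are standard UPX behaviour; the function names are my own.

```python
"""Static triage of a PE sample: hashes plus a UPX section-table check.
Added example, not the sandbox's own code. The PE image built by
build_fake_pe() is constructed in memory and is not the real sample."""
import hashlib
import struct
import sys


def file_hashes(data: bytes) -> dict:
    """Hashes in the same four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def pe_section_names(data: bytes) -> list:
    """Section names from the PE section table, or [] if data is not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # 20-byte COFF header
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # section table follows optional header
    names = []
    for i in range(nsections):
        off = table + i * 40                              # IMAGE_SECTION_HEADER is 40 bytes
        raw = data[off:off + 8]
        if len(raw) < 8:                                  # truncated file: stop rather than crash
            break
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 and embeds a 'UPX!' marker."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or b"UPX!" in data


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE image (headers only, not runnable) with the given sections."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                    # PE32 optional header size; contents unused
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(struct.pack("<8s", n.encode()) + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


def triage(data: bytes) -> dict:
    out = file_hashes(data)
    out["sections"] = pe_section_names(data)
    out["upx_packed"] = looks_upx_packed(data)
    return out


if __name__ == "__main__":
    # Usage: python triage.py <sample.exe>; with no argument, triage the constructed image.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    for k, v in triage(blob).items():
        print(f"{k}: {v}")
```

If the check fires and the headers are unmodified, `upx -d` recovers the original image; a sandbox's "UPX dump on OEP" is the dynamic equivalent, taken after the stub has unpacked itself, and is the artifact to hash and analyse rather than the packed file.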
Behavioral task: behavioral1
Sample: 3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d.exe
Resource: win10v2004-20240419-en
Malware Config
Targets
Target: 3fee7f944dc0f23d09628713fe542cfcd70c6192d8fe106c6a5bf10516887f3d (573KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to those listed under General)
Score: 10/10
- Generic Chinese Botnet: a botnet originating from China which is currently unnamed publicly.
- Chinese Botnet payload
- UPX dump on OEP (original entry point)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
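Added example, not the sandbox's own detection code: the behavioral signatures above expressed as rules over a simplified event trace, in Python. The event shape (`op`, `path`, optional `access`/`data`) and every path in `EVENTS` are constructed for illustration and are not from this sample's trace; the registry locations the rules key on (`Control Panel\International\Geo` for the location/GeoID lookup, `...\CurrentVersion\Run` for persistence) are the standard Windows ones, and the rule names are the signature names from the report.

```python
"""Map a simplified sandbox event trace onto the report's behavioral signatures.
Added example; EVENTS is constructed and not the real trace of this sample."""
import re

EVENTS = [
    {"op": "RegQueryValue", "path": "HKCU\\Control Panel\\International\\Geo\\Nation"},
    {"op": "CreateFile", "path": "C:\\Windows\\System32\\example_dropped.dll", "access": "write"},
    {"op": "LoadLibrary", "path": "C:\\Windows\\System32\\example_dropped.dll"},
    {"op": "CreateFile", "path": "C:\\ProgramData\\example_dropped.exe", "access": "write"},
    {"op": "CreateProcess", "path": "C:\\ProgramData\\example_dropped.exe"},
    {"op": "RegSetValue",
     "path": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
     "data": "C:\\ProgramData\\example_dropped.exe"},
    {"op": "CreateFile", "path": "D:\\", "access": "read"},
    {"op": "CreateFile", "path": "E:\\", "access": "read"},
    {"op": "CreateFile", "path": "C:\\", "access": "read"},   # default drive: not counted
]

# Run and RunOnce under HKCU or HKLM; the trailing element is the value name.
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
# HKCU\Control Panel\International\Geo\Nation holds the configured GeoID.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)
DRIVE_ROOT = re.compile(r"^([A-Z]):\\$", re.I)


def match_signatures(events):
    """Return {signature name: [paths]} for every rule that fires on the trace."""
    hits = {}
    dropped = set()          # files this trace wrote, keyed case-insensitively
    for ev in events:
        op, path = ev["op"], ev["path"]
        if op == "RegQueryValue" and GEO_KEY.search(path):
            hits.setdefault("Checks computer location settings", []).append(path)
        if op == "RegSetValue" and RUN_KEY.search(path):
            hits.setdefault("Adds Run key to start application", []).append(path)
        if op == "CreateFile" and ev.get("access") == "write":
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                hits.setdefault("Drops file in System32 directory", []).append(path)
        if op == "CreateProcess" and path.lower() in dropped:
            hits.setdefault("Executes dropped EXE", []).append(path)
        if op == "LoadLibrary" and path.lower() in dropped:
            hits.setdefault("Loads dropped DLL", []).append(path)
        m = DRIVE_ROOT.match(path)
        if op == "CreateFile" and m and m.group(1).upper() != "C":
            hits.setdefault("Enumerates connected drives", []).append(path)
    return hits


if __name__ == "__main__":
    for name, paths in match_signatures(EVENTS).items():
        print(f"{name}: {paths}")
```

The "dropped" rules depend on the write preceding the execute or load, which is how a real trace is ordered; a production version should also scope `dropped` to the process tree that wrote the file and treat the Run-key `data` value, not just the key path, as the persistence indicator to extract.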