General

Target: 8fd5513c98a7bc3476164cbc10e3a4d2fd01cf4561130ee38794156104c602aa
Size: 683KB
Sample: 240703-f5q46szbqd
MD5: 3c18e92b342ee0899db68f2f80bf1585
SHA1: 04f9ddbcfe58580295c9de966c1b752302b9703d
SHA256: 8fd5513c98a7bc3476164cbc10e3a4d2fd01cf4561130ee38794156104c602aa
SHA512: 6b90c0e3c428117c5325aaa7e47edc9d0392140e8eff8ff0541acaf1593dfde90ded4340ca5bb9baed1895283ede5386364f94481aaac7dce5941e0663210dd8
SSDEEP: 12288:FIZIJ8lG4fIFE+wM0QUeW/AxKD1pH6tKpjAriCACE1ppp/3GxmP1xoM+/hXB1gjU:SZIJ8lG4fIFEhM54IEP/CACCh2IfM5Xv
Static task: static1

Behavioral task: behavioral1
Sample: 8fd5513c98a7bc3476164cbc10e3a4d2fd01cf4561130ee38794156104c602aa.exe
Resource: win7-20240611-en

Behavioral task: behavioral2
Sample: 8fd5513c98a7bc3476164cbc10e3a4d2fd01cf4561130ee38794156104c602aa.exe
Resource: win10v2004-20240508-en
Malware Config

Targets

Target: 8fd5513c98a7bc3476164cbc10e3a4d2fd01cf4561130ee38794156104c602aa
Score: 10/10

- Generic Chinese Botnet: A botnet originating from China which is currently unnamed publicly.
- Chinese Botnet payload
- Checks computer location settings: Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory