General
-
Target
d2ed39089e227b666ba59e3633f130527ad867b708909b92b1dfad035eee1229
-
Size
2.0MB
-
Sample
240312-3xtxesge95
-
MD5
1131307b7b2dcafbb33d1831ae5068cf
-
SHA1
607cc040cef02dd3ba92894b078ef5186b2f7c38
-
SHA256
d2ed39089e227b666ba59e3633f130527ad867b708909b92b1dfad035eee1229
-
SHA512
37f808a45a7727a10944ea8995c4fc2fafc81159a459b808fd1f236155b59a13794526ec220fee78d64c93c32d412899030e790542b8e533bfd1801a061e69f6
-
SSDEEP
49152:C9u5va1VlQbkaxRFRqvdthxF4F5lq2KbOPO0y9jr:M8a9WFRIdthxFclVQx0y9X
Malware Config
Extracted
socks5systemz
http://ermolpu.ua/search/?q=67e28dd86a55a428420bf81f7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f371ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a678cf716c7ec90
http://bbemuzz.com/search/?q=67e28dd8685ff32d4309f94d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608fff13c8e8929b3c
Targets
-
-
Target
d2ed39089e227b666ba59e3633f130527ad867b708909b92b1dfad035eee1229
-
Size
2.0MB
-
MD5
1131307b7b2dcafbb33d1831ae5068cf
-
SHA1
607cc040cef02dd3ba92894b078ef5186b2f7c38
-
SHA256
d2ed39089e227b666ba59e3633f130527ad867b708909b92b1dfad035eee1229
-
SHA512
37f808a45a7727a10944ea8995c4fc2fafc81159a459b808fd1f236155b59a13794526ec220fee78d64c93c32d412899030e790542b8e533bfd1801a061e69f6
-
SSDEEP
49152:C9u5va1VlQbkaxRFRqvdthxF4F5lq2KbOPO0y9jr:M8a9WFRIdthxFclVQx0y9X
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-