Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
3c0e672bce0dad4ed808fc11657433c09a949dde5cb92cb6e3e9ca3b70d1ee52
-
Size
2.0MB
-
Sample
240315-bddybaef39
-
MD5
7b0450a8f0f55e1a4dd87d63c89391ec
-
SHA1
07791ca729fe8530516a30cf79537851087e838c
-
SHA256
3c0e672bce0dad4ed808fc11657433c09a949dde5cb92cb6e3e9ca3b70d1ee52
-
SHA512
57c388a091fb1d381d6c5b6eb903100ef598e5abdd623508407305ac91a7809230d4733a354f61b0c79c8daa373f1094ec7a72471a423544d9d433776dd33466
-
SSDEEP
49152:32wgMX097PjZYMpO6qaO9emlnq22+Q6NzFWatjY0gKNB:mwVgrZYMG9emtq2rQ6F8atRJB
Malware Config
Extracted
socks5systemz
http://dtewswe.info/search/?q=67e28dd83a08f628140aae1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a678af915c6ee97
http://dixmtyi.info/search/?q=67e28dd83a5afb7a460aac4a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978f771ea771795af8e05c645db22f31df92d8838ed12a666d307eca743ec4c2b07b52966923a678af915c5e895
Targets
-
-
Target
3c0e672bce0dad4ed808fc11657433c09a949dde5cb92cb6e3e9ca3b70d1ee52
-
Size
2.0MB
-
MD5
7b0450a8f0f55e1a4dd87d63c89391ec
-
SHA1
07791ca729fe8530516a30cf79537851087e838c
-
SHA256
3c0e672bce0dad4ed808fc11657433c09a949dde5cb92cb6e3e9ca3b70d1ee52
-
SHA512
57c388a091fb1d381d6c5b6eb903100ef598e5abdd623508407305ac91a7809230d4733a354f61b0c79c8daa373f1094ec7a72471a423544d9d433776dd33466
-
SSDEEP
49152:32wgMX097PjZYMpO6qaO9emlnq22+Q6NzFWatjY0gKNB:mwVgrZYMG9emtq2rQ6F8atRJB
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-