General
Target: d85357190e6be1331036f8cf9225d5c2.bin
Size: 2.0MB
Sample: 240325-e8hfrsba71
MD5: cd843214e49310a3bf1e3b30ce5eaf6f
SHA1: 5693a301f4db59cd99b9ef775fc9ba57fdeb8229
SHA256: 77a1d2055eaaec97a8427e98b93b4c142793efcbd1c81dd98a6d909fedc929dd
SHA512: 5208ad83d6ce0f92438066ae9f319ec2e1a5340ff99cf0e3f526adef1c8c44d85d1e46d8eaddb404a7021527cd0a7089f9481f7c6ffecdb2dc6b542c94dab197
SSDEEP: 49152:SQy0ff24qOB2TcOz/Rxq0b+poa8OR8j/osq+5KRp/S/5BT+OhS:SQy0nuO4wGFbyoalR8j/e+5KRp/oxI
Note: the hashes above are those of the submitted .bin itself. Its filename is the MD5 of the executable listed under Targets below, whose own hashes differ; when matching against threat intelligence, use the executable's hashes, not the submission's.
Static task: static1
Behavioral task: behavioral1
  Sample: d53e734f9a4bad2b0d36b7484cb445bd377192a77ddb0d753d5aa1d14e9db078.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: d53e734f9a4bad2b0d36b7484cb445bd377192a77ddb0d753d5aa1d14e9db078.exe
  Resource: win10v2004-20240319-en
Malware Config (extracted)
Family: socks5systemz
C2 URLs:
http://bnuhcfi.com/search/?q=67e28dd83f0fa47b1407ab4e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978a271ea771795af8e05c64bdb22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a668dfb10c4e993
http://eroloke.ua/search/?q=67e28dd86a08a32d155da44d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978f471ea771795af8e05c64bdb22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe12c4ee919c38
http://eroloke.ua/search/?q=67e28dd86a08a32d155da44d7c27d78406abdd88be4b12eab517aa5c96bd86e8968645835a8bbc896c58e713bc90c91c36b5281fc235a925ed3e57d6bd974a95129070b618e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee94993fcc6b9015
Targets
Target: d53e734f9a4bad2b0d36b7484cb445bd377192a77ddb0d753d5aa1d14e9db078.exe
Size: 2.0MB
MD5: d85357190e6be1331036f8cf9225d5c2
SHA1: f5c994accc9fc16df9cd4f3e9e13fdea952c17be
SHA256: d53e734f9a4bad2b0d36b7484cb445bd377192a77ddb0d753d5aa1d14e9db078
SHA512: 82dbbd85980edda224365afca6cd75a5f18c4d967a20aec7b2d180f559a90e3772a8c125cb59f03f7465bfee60b42cb93ed037a202f0e7c1bc7c68385430aa0c
SSDEEP: 49152:32VR72rAMT8ztu+OmTPjrF13w6GCDiIXSMr09sYe7D:mVR72cMT8zt8sF13wDCDiarQbc
Score: 10/10
Signatures:
- Detect Socks5Systemz Payload
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: traffic on the DNS port (53) was observed to servers other than the resolvers configured on the analysis machine. This is a common sign of the sample carrying its own resolver list, so the traffic would not appear in logs from the normal DNS infrastructure.
- Checks installed software on the system: enumerates installed software by reading entries under the registry's Uninstall key (the standard location is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, with a WOW6432Node and a per-user HKCU counterpart).
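As an added example (not part of the sandbox report and not sandbox code), the following Python turns two items from this report into checks a defender can run: it derives the C2 hostnames from the extracted socks5systemz URLs and matches them against DNS query logs, and it implements the "unexpected DNS network traffic destination" heuristic over flow records. The DNS log lines, flow tuples, resolver addresses and the log field layout are constructed for the example; only the three C2 URLs come from the report.

```python
"""Checks derived from the Socks5Systemz report above (added example).

The C2 URLs are copied from the report's extracted config. The DNS log,
flow records and configured resolvers below are constructed test data.
"""
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the report's Malware Config section.
EXTRACTED_C2_URLS = [
    "http://bnuhcfi.com/search/?q=67e28dd83f0fa47b1407ab4e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978a271ea771795af8e05c64bdb22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a668dfb10c4e993",
    "http://eroloke.ua/search/?q=67e28dd86a08a32d155da44d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978f471ea771795af8e05c64bdb22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe12c4ee919c38",
    "http://eroloke.ua/search/?q=67e28dd86a08a32d155da44d7c27d78406abdd88be4b12eab517aa5c96bd86e8968645835a8bbc896c58e713bc90c91c36b5281fc235a925ed3e57d6bd974a95129070b618e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee94993fcc6b9015",
]

# Constructed DNS query log (assumed layout: "timestamp client qname qtype").
SAMPLE_DNS_LOG = [
    "2024-03-25T14:02:11Z 10.0.0.5 bnuhcfi.com A",
    "2024-03-25T14:02:12Z 10.0.0.5 www.example.com A",
    "2024-03-25T14:02:13Z 10.0.0.5 eroloke.ua A",
    "2024-03-25T14:02:14Z 10.0.0.9 login.microsoftonline.com A",
]

# Constructed flow records: (src, dst, dst_port, proto) and the resolvers
# the analysis network is configured to use.
CONFIGURED_RESOLVERS = {"10.0.0.2", "10.0.0.3"}
SAMPLE_FLOWS = [
    ("10.0.0.5", "10.0.0.2", 53, "udp"),       # lookup via a configured resolver
    ("10.0.0.5", "198.51.100.7", 53, "udp"),   # DNS port, but not a configured resolver
    ("10.0.0.5", "198.51.100.7", 53, "udp"),   # repeat of the above, reported once
    ("10.0.0.5", "203.0.113.10", 80, "tcp"),   # HTTP, not on the DNS port
]


def c2_hosts(urls):
    """Distinct, lowercased hostnames from the extracted C2 URLs."""
    return sorted({urlsplit(u).hostname.lower() for u in urls})


def match_c2_queries(log_lines, hosts):
    """Return (client, qname) for every query to a C2 host or a subdomain of one."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line; skip rather than fail the whole run
        client, qname = fields[1], fields[2].rstrip(".").lower()
        if any(qname == h or qname.endswith("." + h) for h in hosts):
            hits.append((client, qname))
    return hits


def unexpected_dns_destinations(flows, resolvers, dns_port=53):
    """Destinations contacted on the DNS port that are not configured resolvers.

    This is the sandbox signature's logic: it keys on the port, not on the
    payload, so it also catches DNS-over-port-53 to a hard-coded resolver.
    """
    seen = []
    for _src, dst, dport, _proto in flows:
        if dport == dns_port and dst not in resolvers and dst not in seen:
            seen.append(dst)
    return seen


if __name__ == "__main__":
    hosts = c2_hosts(EXTRACTED_C2_URLS)
    print("C2 hosts:", hosts)
    print("C2 queries:", match_c2_queries(SAMPLE_DNS_LOG, hosts))
    print("Unexpected DNS destinations:",
          unexpected_dns_destinations(SAMPLE_FLOWS, CONFIGURED_RESOLVERS))
```

Matching on the hostname rather than the full URL is deliberate: the `q=` value in the extracted URLs is per-sample (note that the two eroloke.ua URLs differ only in that parameter), so it is not a stable indicator, whereas the two domains are.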