General
-
Target
6e466477a5a2c9456bab89f5e64fecad2d276825e589b9d292b3e04d6c53c54b
-
Size
5.0MB
-
Sample
240523-esfx1ade94
-
MD5
f4dd11bb5d2c9163af6743962eafcec3
-
SHA1
27f48cc350e331c7f16e2e9edfff2d54fbebea99
-
SHA256
6e466477a5a2c9456bab89f5e64fecad2d276825e589b9d292b3e04d6c53c54b
-
SHA512
b58b3123096343a2bba36a6e04b3dbb0c8e8322ced1eabe835e9a33b68ccddb7f89fa91e7afad615be49f40d4d683280a09455cb1f559b1bcfdff77d0c30c190
-
SSDEEP
98304:mrOg2WJw4d6m+4Id7f+AUD7WV8JeHcwY0SHZjyXyz:cWRp+AU48jhfZrz
Malware Config
Targets
-
-
Target
6e466477a5a2c9456bab89f5e64fecad2d276825e589b9d292b3e04d6c53c54b
-
Size
5.0MB
-
MD5
f4dd11bb5d2c9163af6743962eafcec3
-
SHA1
27f48cc350e331c7f16e2e9edfff2d54fbebea99
-
SHA256
6e466477a5a2c9456bab89f5e64fecad2d276825e589b9d292b3e04d6c53c54b
-
SHA512
b58b3123096343a2bba36a6e04b3dbb0c8e8322ced1eabe835e9a33b68ccddb7f89fa91e7afad615be49f40d4d683280a09455cb1f559b1bcfdff77d0c30c190
-
SSDEEP
98304:mrOg2WJw4d6m+4Id7f+AUD7WV8JeHcwY0SHZjyXyz:cWRp+AU48jhfZrz
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-