General
-
Target
87a2b6d8e9f3e20bc5a2fd66e551a7add5604ebe69fe7e9d354901c4d82b311a
-
Size
4.5MB
-
Sample
240530-26311sde4z
-
MD5
3f4ac40876eb79c202b6f2c0e74ceab2
-
SHA1
8a9b592e912523eb1706e834a184a4c05b66aebf
-
SHA256
87a2b6d8e9f3e20bc5a2fd66e551a7add5604ebe69fe7e9d354901c4d82b311a
-
SHA512
ad306778d9e0200e56ea8078073f6ea0dfe2ade9893e753f8d95d96d22473bb74430debc2707b919df6c4280863ec2d332a2e453d94300d852f9b79f77a565e7
-
SSDEEP
98304:m2lMhJhWnooZDUpYUSDig+2wsH8jrerMcmTFf4:/y7JoZDCYUSWO8jfcKf4
Static task
static1
Behavioral task
behavioral1
Sample
87a2b6d8e9f3e20bc5a2fd66e551a7add5604ebe69fe7e9d354901c4d82b311a.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
87a2b6d8e9f3e20bc5a2fd66e551a7add5604ebe69fe7e9d354901c4d82b311a.exe
Resource
win10-20240404-en
Malware Config
Targets
-
-
Target
87a2b6d8e9f3e20bc5a2fd66e551a7add5604ebe69fe7e9d354901c4d82b311a
-
Score
10/10
-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-