General
- Target: c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf
- Size: 4.5MB
- Sample: 240607-3wefcaec21
- MD5: 973d6ab138dff4b4d239d8875d7e314a
- SHA1: 182db26c49c4f8e5dd59cd7f959a666a19ed25ea
- SHA256: c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf
- SHA512: 7a1153e8e53d990afb5a892d11eebd50687b9ac3dda2de75ff94feebe48a7c3050a702c97bbfcf6022ad3b6d73fb0b752f2c37f79ff7d7afa024b18b878e8a32
- SSDEEP: 98304:mbrbur4hcGNZo1IgXHLLiskD0p8TFqidiEjKjiKabQ55LcZl:ql+h1TrLJKFTRdFjuhp5LY
Static task: static1
Behavioral task: behavioral1
- Sample: c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf.exe
- Resource: win10v2004-20240426-en
Behavioral task: behavioral2
- Sample: c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf.exe
- Resource: win11-20240508-en
Malware Config
- Extracted: socks5systemz
Targets
- Target: c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf
Score: 10/10
- Detect Socks5Systemz Payload
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.