General
-
Target
2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
-
Size
4.8MB
-
Sample
240613-2mjg9stcme
-
MD5
f932f45d6586f5b7643c0d23a0d03183
-
SHA1
d42f323c017e4332b58e1f8a309f271000af0cae
-
SHA256
2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
-
SHA512
849491f1edfe2f772ca5ee14b510401337e9fe21c89d60234c271492c62f0c75b28491c91038f24583cc80e84efe272ac5177133c29f82ca7229d82ff73d80ae
-
SSDEEP
98304:mWlruAtDxyTMUwPFbluZa+NpaDzR3io9+C3byDS/vwQLe:3lrwTCbYQjXRSoY6eqwf
Malware Config
Extracted
socks5systemz
bmuprsi.com
gbeutrf.com
dlnkmbe.info
http://dlnkmbe.info/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e7909239
Targets
-
-
Target
2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
-
Size
4.8MB
-
MD5
f932f45d6586f5b7643c0d23a0d03183
-
SHA1
d42f323c017e4332b58e1f8a309f271000af0cae
-
SHA256
2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
-
SHA512
849491f1edfe2f772ca5ee14b510401337e9fe21c89d60234c271492c62f0c75b28491c91038f24583cc80e84efe272ac5177133c29f82ca7229d82ff73d80ae
-
SSDEEP
98304:mWlruAtDxyTMUwPFbluZa+NpaDzR3io9+C3byDS/vwQLe:3lrwTCbYQjXRSoY6eqwf
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-