General
-
Target
35939570646add4b7602a8306f690500559272b9eff92ac8ea3a5fe9a22b276a
-
Size
4.7MB
-
Sample
240613-2nt1dstdjc
-
MD5
01c9e077baf97244f262735758784a6f
-
SHA1
9ec41bd1700cf842f6c5ec0ecb85d0f223e59f01
-
SHA256
35939570646add4b7602a8306f690500559272b9eff92ac8ea3a5fe9a22b276a
-
SHA512
f531ddb262538897831619ef9ba722da4662fb3792a6c87e4d7ebd7dabcb25f41e4ce1db3fc3ed4149c2150d558ae244dc7112b3393866885f2bba5e2804f858
-
SSDEEP
98304:m2WqZYZWPMoaBXFYM2KAxkbCp5e6IsI5QJDoY/x:l30v5CMZ1NsIQJkY/x
Malware Config
Extracted
socks5systemz
bxfdivi.com
http://bxfdivi.com/search/?q=67e28dd8690cfb204406a51a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978fe71ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfe19c7ee93
bodozvh.com
http://bodozvh.com/search/?q=67e28dd8655bf57a4609f84c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e792983b
Targets
-
-
Target
35939570646add4b7602a8306f690500559272b9eff92ac8ea3a5fe9a22b276a
-
Size
4.7MB
-
MD5
01c9e077baf97244f262735758784a6f
-
SHA1
9ec41bd1700cf842f6c5ec0ecb85d0f223e59f01
-
SHA256
35939570646add4b7602a8306f690500559272b9eff92ac8ea3a5fe9a22b276a
-
SHA512
f531ddb262538897831619ef9ba722da4662fb3792a6c87e4d7ebd7dabcb25f41e4ce1db3fc3ed4149c2150d558ae244dc7112b3393866885f2bba5e2804f858
-
SSDEEP
98304:m2WqZYZWPMoaBXFYM2KAxkbCp5e6IsI5QJDoY/x:l30v5CMZ1NsIQJkY/x
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-