General
Target: 4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
Size: 4.9MB
Sample: 240613-2smrwatepf
MD5: 82767654689854be5c9674ffd30907ae
SHA1: ad6810fc6098ea35375f15beba8209304da4963b
SHA256: 4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
SHA512: fb3b73d2a0d27217dacde391b1f938f36cc670ccfabcfdce92b956de95b30da91504f6374cc22b273b24e9ba8d77317409141ed79c49933817a3cd912abadcfe
SSDEEP: 98304:mY0ti2v0z4b7Kks6eD7NyedQ/NAiAlfKSoBe+sBpi1s1/J:vS3vFbm7NXsv+iAfKSo8+o2s1/J
Static task: static1
Behavioral task: behavioral1
  Sample: 4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c.exe
  Resource: win10-20240404-en
Malware Config
Extracted family: socks5systemz
bpnuoii.com
http://bpnuoii.com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfe18c1ee96
bbniduy.com
http://bbniduy.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e6949b3a
http://bbniduy.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12eab517aa5c96bd86e991814b845a8bbc896c58e713bc90c91936b5281fc235a925ed3e56d6bd974a95129070b616e96cc92be510b866db52bee348ee4c2b14a82966836f23d7f210c7ee9d993ac46e9717
Targets
Target: 4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
Size: 4.9MB
MD5: 82767654689854be5c9674ffd30907ae
SHA1: ad6810fc6098ea35375f15beba8209304da4963b
SHA256: 4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
SHA512: fb3b73d2a0d27217dacde391b1f938f36cc670ccfabcfdce92b956de95b30da91504f6374cc22b273b24e9ba8d77317409141ed79c49933817a3cd912abadcfe
SSDEEP: 98304:mY0ti2v0z4b7Kks6eD7NyedQ/NAiAlfKSoBe+sBpi1s1/J:vS3vFbm7NXsv+iAfKSo8+o2s1/J
Score: 10/10
Signatures:
- Detect Socks5Systemz Payload
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.