General
-
Target
58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
-
Size
4.9MB
-
Sample
240613-2ych4axgpr
-
MD5
7a318458390dad5e32fcb14d1a4a84f4
-
SHA1
18af4da09a45f36bd2573b3b5f5a2f7434f442a2
-
SHA256
58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
-
SHA512
65206d28e70f2130d876c3e23a39618c7d561e9305708bec71fa81a618779bf1a2ebffe4d013cf85520cf18bbd1171f7140acb3554e76b080052546f0250731d
-
SSDEEP
98304:mXu2p0/zpaaQlCXkMOre73RSBunL+a7KSd3HNgXz0:MY9QAv+ej6unSzAXiD0
Static task
static1
Behavioral task
behavioral1
Sample
58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6.exe
Resource
win10-20240404-en
Malware Config
Extracted
socks5systemz
ezpfdon.ua
gwcwxdz.com
bohzevz.com
http://bohzevz.com/search/?q=67e28dd86c0ca77c400cfe4c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e6939a32
Targets
-
-
Target
58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
-
Size
4.9MB
-
MD5
7a318458390dad5e32fcb14d1a4a84f4
-
SHA1
18af4da09a45f36bd2573b3b5f5a2f7434f442a2
-
SHA256
58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
-
SHA512
65206d28e70f2130d876c3e23a39618c7d561e9305708bec71fa81a618779bf1a2ebffe4d013cf85520cf18bbd1171f7140acb3554e76b080052546f0250731d
-
SSDEEP
98304:mXu2p0/zpaaQlCXkMOre73RSBunL+a7KSd3HNgXz0:MY9QAv+ej6unSzAXiD0
Score10/10-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-