General
Target: 5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6
Size: 4.7MB
Sample: 240613-2yxt2atgrc
MD5: a3000003d3f94b0583fb05be70d7562d
SHA1: a3a92ed9f3d07caa92dbca111019ee1d863ea913
SHA256: 5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6
SHA512: e61212dcde13d03ef1f663ab5b7d014bebaf1c206a45e0b070aded932c5003a06fe0a4c26991310cecae81c9a376b952fe80f1027dc79c592f25bd5ebe41e9f2
SSDEEP: 98304:mUAkeJc7/v40QM64cws/F8KkMcwo0Ro022BY+Kxx6nS0sL7vAlZJKjx:sRu/+N4cwsttk30J22BHK6nS0CAlZcjx
Static task: static1
Behavioral task: behavioral1
  Sample: 5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: 5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6.exe
  Resource: win10-20240404-en
Malware Config
Extracted: socks5systemz
C2 domain: bbqpgch.com
  http://bbqpgch.com/search/?q=67e28dd86a5ef62a130aa5197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfe18c6e99d
C2 domain: dlofbme.info
  http://dlofbme.info/search/?q=67e28dd86809f27b415ba51b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1de8889b5e4fa9281ae978a771ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e6939c3f
  http://dlofbme.info/search/?q=67e28dd86809f27b415ba51b7c27d78406abdd88be4b12eab517aa5c96bd86ec93854f845a8bbc896c58e713bc90c94836b5281fc235a925ed3e04d6bd974a95129070b616e96cc92be510b866db52bee348ee4c2b14a82966836f23d7f210c7ee9d993ac4699012
Targets
Target: 5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6
Score: 10/10
Signatures:
- Detect Socks5Systemz Payload
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.