General
-
Target
c711f62fac5d20715addf5dd398b86c50ecc15e2182b60c7c7d3125dc2b2aea2
-
Size
4.8MB
-
Sample
240613-3z4veazfnl
-
MD5
eb23a0baa591fd3b7e33016587dcfb46
-
SHA1
a7699a58ca2f8775f2073c0823e495900f4b7829
-
SHA256
c711f62fac5d20715addf5dd398b86c50ecc15e2182b60c7c7d3125dc2b2aea2
-
SHA512
4fc7a6877421feb206c43650e6dcbbe62819c149ed8cb1845bc475d2c046452618b3a05de10d36dbb102d4451671b2040af8150c9b5171080830ffee68d0417b
-
SSDEEP
98304:mHlKatxBR/BRWZ5UD983xIhDYYGoQTvnaeq8no3IMhLdG+9ejZ153IzIIx:ylKAZBcZO+IhDjDQTP88nYIwM+9e7aH
Malware Config
Extracted
socks5systemz
bwndylb.com
http://bwndylb.com/search/?q=67e28dd8690cfb204406a51a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978fe71ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfd12c1eb9c
dlulpyf.info
http://dlulpyf.info/search/?q=67e28dd8690ba728400aae4c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c2ec949f3d
Targets
-
-
Target
c711f62fac5d20715addf5dd398b86c50ecc15e2182b60c7c7d3125dc2b2aea2
-
Size
4.8MB
-
MD5
eb23a0baa591fd3b7e33016587dcfb46
-
SHA1
a7699a58ca2f8775f2073c0823e495900f4b7829
-
SHA256
c711f62fac5d20715addf5dd398b86c50ecc15e2182b60c7c7d3125dc2b2aea2
-
SHA512
4fc7a6877421feb206c43650e6dcbbe62819c149ed8cb1845bc475d2c046452618b3a05de10d36dbb102d4451671b2040af8150c9b5171080830ffee68d0417b
-
SSDEEP
98304:mHlKatxBR/BRWZ5UD983xIhDYYGoQTvnaeq8no3IMhLdG+9ejZ153IzIIx:ylKAZBcZO+IhDjDQTP88nYIwM+9e7aH
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-