General
-
Target
82eeb1ef814f784c6b4a3fb91de8f6ad837ca2a3f42b080e88d1fe935012cf4b.exe
-
Size
4.6MB
-
Sample
240613-f1s3zayhqp
-
MD5
4cc7d22c7f8d8cef69e76aaa6bb623c7
-
SHA1
df43f2b5dc1f7ccbf6c68a42b695d4e39b9b3919
-
SHA256
82eeb1ef814f784c6b4a3fb91de8f6ad837ca2a3f42b080e88d1fe935012cf4b
-
SHA512
fc966078919d15aff73653f1e21a1da66160d379928d2f9b4ed73ec3782bbd8d6bb32dc971414069d21e6f2f5a9be33401b448ed1112a0a542dc91a65dfb58be
-
SSDEEP
98304:mDrNtGLVE/B58Ia1UVFR/PpXuqmMeBfHz0hVdc5uyp63OOeukP0vx:ir4qrasPaadc5uygQP0J
Static task
static1
Behavioral task
behavioral1
Sample
82eeb1ef814f784c6b4a3fb91de8f6ad837ca2a3f42b080e88d1fe935012cf4b.exe
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
82eeb1ef814f784c6b4a3fb91de8f6ad837ca2a3f42b080e88d1fe935012cf4b.exe
Resource
win10v2004-20240508-en
Malware Config
Extracted
socks5systemz
aaiatof.ru
bmybhsb.com
Targets
-
-
Target
82eeb1ef814f784c6b4a3fb91de8f6ad837ca2a3f42b080e88d1fe935012cf4b.exe
-
Score
10/10
-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-