General
-
Target
6cb9f37d90a208103f0e9f04d85cd00af15e677c76a2206595e25c351243c685
-
Size
4.8MB
-
Sample
240613-l4vc4atgke
-
MD5
643ff7835e10c5413a87a559120167c2
-
SHA1
8b5b5fb9582526052df27a299565884c025ce19b
-
SHA256
6cb9f37d90a208103f0e9f04d85cd00af15e677c76a2206595e25c351243c685
-
SHA512
27064d75d12e84bf9477992a95d7ca409681b97d4935daf1ec1c6546d6024b35829f5e798f6df554f3967d7d1949ba87f8eda25be7cf17e7b8d016d1f5f6192e
-
SSDEEP
98304:m/5PQ5xlG3U3uU9PabgB+x6dHO95MxvCa9ufAFwcIGBpmaS9OpLiXyF7844po:GP2xOU399cq+EdNH90upIGBptpLMy+4Z
Static task
static1
Behavioral task
behavioral1
Sample
6cb9f37d90a208103f0e9f04d85cd00af15e677c76a2206595e25c351243c685.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
6cb9f37d90a208103f0e9f04d85cd00af15e677c76a2206595e25c351243c685.exe
Resource
win11-20240508-en
Malware Config
Extracted
socks5systemz
cebwkbn.net
ayodpol.ru
Targets
-
-
Target
6cb9f37d90a208103f0e9f04d85cd00af15e677c76a2206595e25c351243c685
-
Size
4.8MB
-
MD5
643ff7835e10c5413a87a559120167c2
-
SHA1
8b5b5fb9582526052df27a299565884c025ce19b
-
SHA256
6cb9f37d90a208103f0e9f04d85cd00af15e677c76a2206595e25c351243c685
-
SHA512
27064d75d12e84bf9477992a95d7ca409681b97d4935daf1ec1c6546d6024b35829f5e798f6df554f3967d7d1949ba87f8eda25be7cf17e7b8d016d1f5f6192e
-
SSDEEP
98304:m/5PQ5xlG3U3uU9PabgB+x6dHO95MxvCa9ufAFwcIGBpmaS9OpLiXyF7844po:GP2xOU399cq+EdNH90upIGBptpLMy+4Z
Score10/10-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-