General
-
Target
e7d7ab5931cc59dbffa5f5f90131b4bc41306bbd0e536624d2a7e54a57f1f592
-
Size
4.7MB
-
Sample
240614-aevf1s1alr
-
MD5
9cc66a8985ecfc10d165ec22bd023687
-
SHA1
af66dbd2ef77036ccf5c7c0fb6a86daf072b19c9
-
SHA256
e7d7ab5931cc59dbffa5f5f90131b4bc41306bbd0e536624d2a7e54a57f1f592
-
SHA512
93d480cc430ecf8686b975a30ec1d1215b4c1dfcb8f177300f74bc0f00f0b7bf8b4daaef639e4cab224ce3122f7faa406bc4337340a76dbb34f69213bbb80285
-
SSDEEP
98304:mvL/sSGKm6RTeq5z58vBhgUzU5IAIgA5n7QL5FtE5ViHvBbFx:y/sSGK7TFz5cBh7v8AnU5F4Ax
Static task
static1
Behavioral task
behavioral1
Sample
e7d7ab5931cc59dbffa5f5f90131b4bc41306bbd0e536624d2a7e54a57f1f592.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
e7d7ab5931cc59dbffa5f5f90131b4bc41306bbd0e536624d2a7e54a57f1f592.exe
Resource
win10-20240404-en
Malware Config
Extracted
socks5systemz
ckocdgu.net
godhawj.com
aqehneo.ru
http://aqehneo.ru/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c2ec929e3f
Targets
-
-
Target
e7d7ab5931cc59dbffa5f5f90131b4bc41306bbd0e536624d2a7e54a57f1f592
-
Size
4.7MB
-
MD5
9cc66a8985ecfc10d165ec22bd023687
-
SHA1
af66dbd2ef77036ccf5c7c0fb6a86daf072b19c9
-
SHA256
e7d7ab5931cc59dbffa5f5f90131b4bc41306bbd0e536624d2a7e54a57f1f592
-
SHA512
93d480cc430ecf8686b975a30ec1d1215b4c1dfcb8f177300f74bc0f00f0b7bf8b4daaef639e4cab224ce3122f7faa406bc4337340a76dbb34f69213bbb80285
-
SSDEEP
98304:mvL/sSGKm6RTeq5z58vBhgUzU5IAIgA5n7QL5FtE5ViHvBbFx:y/sSGK7TFz5cBh7v8AnU5F4Ax
Score10/10-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-