General
-
Target
2f0bcf34a2fa31ae23b5d3fde464e885ecea3221f1c0a97d156da79245313036
-
Size
4.7MB
-
Sample
240614-bhzetaygmd
-
MD5
5a52904680cb4a58b3baa781eb41d4b9
-
SHA1
48d169420ce4b173d01d49c4d212b3a42aee6aad
-
SHA256
2f0bcf34a2fa31ae23b5d3fde464e885ecea3221f1c0a97d156da79245313036
-
SHA512
22ec92ebeab75c04fa6ef4e3d1e6f2afc5a41074bafa997071dc0c5f835cb3f572220bb9f58a28a2af5876b6b6e5e41bbc4ff9929cb2e4d436a00e7b08bcf6e7
-
SSDEEP
98304:mU8sc9X/PFWJLEEQHb4La/XaCKx7P8OUwmbhSrVgZOKhgmfPJ9l3zRe:oscF9b5e5Kh6V6OUgmfPjl3z0
Malware Config
Extracted
socks5systemz
bnzaqsd.com
ejehasf.ua
Targets
-
-
Target
2f0bcf34a2fa31ae23b5d3fde464e885ecea3221f1c0a97d156da79245313036
-
Size
4.7MB
-
MD5
5a52904680cb4a58b3baa781eb41d4b9
-
SHA1
48d169420ce4b173d01d49c4d212b3a42aee6aad
-
SHA256
2f0bcf34a2fa31ae23b5d3fde464e885ecea3221f1c0a97d156da79245313036
-
SHA512
22ec92ebeab75c04fa6ef4e3d1e6f2afc5a41074bafa997071dc0c5f835cb3f572220bb9f58a28a2af5876b6b6e5e41bbc4ff9929cb2e4d436a00e7b08bcf6e7
-
SSDEEP
98304:mU8sc9X/PFWJLEEQHb4La/XaCKx7P8OUwmbhSrVgZOKhgmfPJ9l3zRe:oscF9b5e5Kh6V6OUgmfPjl3z0
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-