General
-
Target
76dd35f56bbe00dbbc54d4ca4b22a4d10ae45801563f674d2a9cceaec4863fde.exe
-
Size
4.7MB
-
Sample
240614-bskpeatcpj
-
MD5
8f8d76ab059e3f1ee4457d996bbd7384
-
SHA1
c38d1652157255c760354bab6b7884be8a2535e5
-
SHA256
76dd35f56bbe00dbbc54d4ca4b22a4d10ae45801563f674d2a9cceaec4863fde
-
SHA512
5cd4b84886976d2ba342f6525498c9fc8e68d86c678784ad3213934dbe147054fa131253dca6005f7af0460adbd77a1de3649843b701458818213574f80d164e
-
SSDEEP
98304:mgzRDSyBbX7MEp+unkPfujwGFVQ+Zt+2aQabUIJfUedeZHe:dNSyBbRp6fcVus1MbLRUKce
Malware Config
Extracted
socks5systemz
dlurxff.info
http://dlurxff.info/search/?q=67e28dd86f54a728120ffa1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfd19c3ec94
bpeaihx.com
Targets
-
-
Target
76dd35f56bbe00dbbc54d4ca4b22a4d10ae45801563f674d2a9cceaec4863fde.exe
-
Size
4.7MB
-
MD5
8f8d76ab059e3f1ee4457d996bbd7384
-
SHA1
c38d1652157255c760354bab6b7884be8a2535e5
-
SHA256
76dd35f56bbe00dbbc54d4ca4b22a4d10ae45801563f674d2a9cceaec4863fde
-
SHA512
5cd4b84886976d2ba342f6525498c9fc8e68d86c678784ad3213934dbe147054fa131253dca6005f7af0460adbd77a1de3649843b701458818213574f80d164e
-
SSDEEP
98304:mgzRDSyBbX7MEp+unkPfujwGFVQ+Zt+2aQabUIJfUedeZHe:dNSyBbRp6fcVus1MbLRUKce
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Detects executables packed with VMProtect.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-