General
-
Target
8a03737a00eca05904d6eb4b7e6eb2d647df1c89ae8ae9fb7a4cea4ae9e46532.exe
-
Size
4.8MB
-
Sample
240614-bzxybatfmk
-
MD5
e3fde49ae52139653cd08508e6df5eaf
-
SHA1
b4b6b76dbcad01acb719fe968cf7fc602085fc5b
-
SHA256
8a03737a00eca05904d6eb4b7e6eb2d647df1c89ae8ae9fb7a4cea4ae9e46532
-
SHA512
cafd630d5db7c97f107842bc962e2127759d71c4802298d2d67d6a3b8adad76e5c663d519460847d5f443083d9d67f48bc1628ee6e56f20a589ffb87901f43da
-
SSDEEP
98304:mFP+8UyLd7qUQ1do4G5c2r79q/3FSOHrqmzTOlbWF8x6iOFi:e4ad7qUQ/oHr4/1VH1YbWFw6iT
Malware Config
Extracted
socks5systemz
aanavre.ru
bhukppt.com
Targets
-
-
Target
8a03737a00eca05904d6eb4b7e6eb2d647df1c89ae8ae9fb7a4cea4ae9e46532.exe
-
Size
4.8MB
-
MD5
e3fde49ae52139653cd08508e6df5eaf
-
SHA1
b4b6b76dbcad01acb719fe968cf7fc602085fc5b
-
SHA256
8a03737a00eca05904d6eb4b7e6eb2d647df1c89ae8ae9fb7a4cea4ae9e46532
-
SHA512
cafd630d5db7c97f107842bc962e2127759d71c4802298d2d67d6a3b8adad76e5c663d519460847d5f443083d9d67f48bc1628ee6e56f20a589ffb87901f43da
-
SSDEEP
98304:mFP+8UyLd7qUQ1do4G5c2r79q/3FSOHrqmzTOlbWF8x6iOFi:e4ad7qUQ/oHr4/1VH1YbWFw6iT
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Detects executables packed with VMProtect.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-