General
Target: 2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
Size: 5.6MB
Sample: 240615-wpm1kstdkn
MD5: e999d3cb5228dc29a1088b5f79c5b840
SHA1: 6b779435532b0bddb70a76c246d31a8b38cec331
SHA256: 2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
SHA512: 23b8493ac774e7962fd9bdd415ecea39788f0b4d8c6c63bfd512f587b517925dff4383b7b4d00154d686ade9a2107416677f3581f94062e684fd5e8fe2c010e6
SSDEEP: 98304:m4gZwiCwr9c3kNEIm40aiiOD6r+vrrLCE5BDYjyC2pLz4erKw0Rk+oRMDVBH:xuJJNEIFicKvr7FLL0Ty+BBH
Static task: static1
Behavioral task: behavioral1
  Sample: 2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7.exe
  Resource: win10v2004-20240508-en
Behavioral task: behavioral2
  Sample: 2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7.exe
  Resource: win11-20240508-en
Malware Config
Extracted
socks5systemz
bvvxylp.com
aavxtnn.ru
Targets
Target: 2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
Size: 5.6MB
MD5: e999d3cb5228dc29a1088b5f79c5b840
SHA1: 6b779435532b0bddb70a76c246d31a8b38cec331
SHA256: 2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
SHA512: 23b8493ac774e7962fd9bdd415ecea39788f0b4d8c6c63bfd512f587b517925dff4383b7b4d00154d686ade9a2107416677f3581f94062e684fd5e8fe2c010e6
SSDEEP: 98304:m4gZwiCwr9c3kNEIm40aiiOD6r+vrrLCE5BDYjyC2pLz4erKw0Rk+oRMDVBH:xuJJNEIFicKvr7FLL0Ty+BBH
Score: 10/10
- Detect Socks5Systemz Payload
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.