General
-
Target
ba5e56c0a505db49af2e58e72bbaf41881e844d0d3eb8a4add7b0fccced712ee
-
Size
5.7MB
-
Sample
240616-xkmppasgld
-
MD5
55f82b31ac4ecca4cb83a4f15745ad29
-
SHA1
9fe6ccd7e56468d62d4b9e5a7b6cd7924d077497
-
SHA256
ba5e56c0a505db49af2e58e72bbaf41881e844d0d3eb8a4add7b0fccced712ee
-
SHA512
0c066b75054656ba917f24d49d9e8a5a49b42436deb465f8cbe0f8c5882542aace522d363dbe319f85c63c78e5568eed1928d7d4af36f8abc2cc44d716c4d3ed
-
SSDEEP
98304:mHD5d7LDGpXwH/kBEKY0bMyzNznjJn1GkskaGmCYpwV+2MTq69pP5C2CVaE:0CdwH/kmKPbMyNJkkTDYpwVtMh9JEd
Static task
static1
Behavioral task
behavioral1
Sample
ba5e56c0a505db49af2e58e72bbaf41881e844d0d3eb8a4add7b0fccced712ee.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral2
Sample
ba5e56c0a505db49af2e58e72bbaf41881e844d0d3eb8a4add7b0fccced712ee.exe
Resource
win11-20240508-en
Malware Config
Extracted
socks5systemz
cchaqip.net
ejrgjqi.ua
Targets
-
-
Target
ba5e56c0a505db49af2e58e72bbaf41881e844d0d3eb8a4add7b0fccced712ee
-
Score
10/10
-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-