General
-
Target
ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
-
Size
5.7MB
-
Sample
240616-ythyjayhkp
-
MD5
8ae3ef0a5f771c06f8ac32eebda7b1c3
-
SHA1
a764284317beeadc5b316bdb08e999ca594d8cb3
-
SHA256
ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
-
SHA512
6e98f90c9bb90d3b3a68cc44826972f51fddcdfc39107141ee1829122d0828b3505995e59d7434b77cd7c918b119fa64c16c80af7bd228d97cf007afbb5491e9
-
SSDEEP
98304:mRqzKB0/RheeDbbPq1AU8Kn1kP7pJ1EG8oSOhujyWukuQ6x1ocKVBbyBM3RuVAk+:Ve8RjfPq1jtna/PSOhR9kubx1odDbkML
Malware Config
Extracted
socks5systemz
bodzuqj.com
bxshudb.com
Targets
-
-
Target
ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
-
Size
5.7MB
-
MD5
8ae3ef0a5f771c06f8ac32eebda7b1c3
-
SHA1
a764284317beeadc5b316bdb08e999ca594d8cb3
-
SHA256
ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
-
SHA512
6e98f90c9bb90d3b3a68cc44826972f51fddcdfc39107141ee1829122d0828b3505995e59d7434b77cd7c918b119fa64c16c80af7bd228d97cf007afbb5491e9
-
SSDEEP
98304:mRqzKB0/RheeDbbPq1AU8Kn1kP7pJ1EG8oSOhujyWukuQ6x1ocKVBbyBM3RuVAk+:Ve8RjfPq1jtna/PSOhR9kubx1odDbkML
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-