General
-
Target
1b7ea6270b2aec5b56743055932b078657b9756c49591b1e8f3eb65b1280f7e8
-
Size
5.0MB
-
Sample
240617-fn1bhszbnk
-
MD5
915ca029bb259f339cbf12728e87d38b
-
SHA1
61dec59da649eeca4d1058ca346f399e60592c2d
-
SHA256
1b7ea6270b2aec5b56743055932b078657b9756c49591b1e8f3eb65b1280f7e8
-
SHA512
d229b4096609194cd2fb770d8846fc751bfa3f34b8c99f3f33e62f143648045050f8faaeed7145aa931666369093c924afa4ae0f48f50054d34ec1ee9b57cffb
-
SSDEEP
98304:mZs9TCAas88G0/J8LYe++PVbcrs1NoNI7bb8fJ8bG+lqAKop+3gXtyuqa3cI0UQ:hD//6LYe+kV4rISub8fJO8A2gd6a3Ng
Malware Config
Extracted
socks5systemz
butmiju.com
kbgiyqa.ua
bxoling.com
http://bxoling.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff717c0ef909d3c
Targets
-
-
Target
1b7ea6270b2aec5b56743055932b078657b9756c49591b1e8f3eb65b1280f7e8
-
Size
5.0MB
-
MD5
915ca029bb259f339cbf12728e87d38b
-
SHA1
61dec59da649eeca4d1058ca346f399e60592c2d
-
SHA256
1b7ea6270b2aec5b56743055932b078657b9756c49591b1e8f3eb65b1280f7e8
-
SHA512
d229b4096609194cd2fb770d8846fc751bfa3f34b8c99f3f33e62f143648045050f8faaeed7145aa931666369093c924afa4ae0f48f50054d34ec1ee9b57cffb
-
SSDEEP
98304:mZs9TCAas88G0/J8LYe++PVbcrs1NoNI7bb8fJ8bG+lqAKop+3gXtyuqa3cI0UQ:hD//6LYe+kV4rISub8fJO8A2gd6a3Ng
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-