General
-
Target
3e9d20e9164affd09d80bd2baa0eb93df9314d169c66bcdc57c6a3be24b5adb1
-
Size
4.8MB
-
Sample
240617-fqfd5azckq
-
MD5
a0160ca9211780c5e0c1cacb5b8a8cf8
-
SHA1
5f0fcda7df0dd705c09694b0a12b5d348c853451
-
SHA256
3e9d20e9164affd09d80bd2baa0eb93df9314d169c66bcdc57c6a3be24b5adb1
-
SHA512
4a42e3985366c11311fd142c91084f749c75c86b98d3cd68dd37c98cac721a6274ca7404503b81c081c838c9c4ea63ca186bb8831b998d53f4d98fbd0706d0d2
-
SSDEEP
98304:mLvddaQ24VT8u6zOVEt3Cq2CMR6kJi97yC0AuPdln2O2UrdGJNt:AVoQ9VITOVEICXkJi9CXn2Cst
Malware Config
Extracted
socks5systemz
begyqaw.com
gobeaid.com
bgajdvz.com
http://bgajdvz.com/search/?q=67e28dd8655bf57a4609f84c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff717c0ef92993a
Targets
-
-
Target
3e9d20e9164affd09d80bd2baa0eb93df9314d169c66bcdc57c6a3be24b5adb1
-
Size
4.8MB
-
MD5
a0160ca9211780c5e0c1cacb5b8a8cf8
-
SHA1
5f0fcda7df0dd705c09694b0a12b5d348c853451
-
SHA256
3e9d20e9164affd09d80bd2baa0eb93df9314d169c66bcdc57c6a3be24b5adb1
-
SHA512
4a42e3985366c11311fd142c91084f749c75c86b98d3cd68dd37c98cac721a6274ca7404503b81c081c838c9c4ea63ca186bb8831b998d53f4d98fbd0706d0d2
-
SSDEEP
98304:mLvddaQ24VT8u6zOVEt3Cq2CMR6kJi97yC0AuPdln2O2UrdGJNt:AVoQ9VITOVEICXkJi9CXn2Cst
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-