General
-
Target
b6a8859016aab782db9383a91f4db7e4f214cfc5563e2e7cf4d0400458f1d10b
-
Size
4.6MB
-
Sample
240618-3epjzstblk
-
MD5
18bcc92e8f9a9856f25ae1920086fecb
-
SHA1
2ef8646d71b688e7af06806899ea9ea003cf8e10
-
SHA256
b6a8859016aab782db9383a91f4db7e4f214cfc5563e2e7cf4d0400458f1d10b
-
SHA512
3cba741fc71e9a6bfecfc8dd8f067ecb1bd0d1956ee2be166e629a8bfecce8d4097b301f726508dea81058f928b84ea11048689b55c0495c7e0f179a54bae3db
-
SSDEEP
98304:mjtuvA9KE06SsN8zsInLFniCWjIqiq4P0bKJ9SIWkPHzgs:ZIEEesNus2Fiqq4P0KeXkz
Malware Config
Extracted
socks5systemz
bvuibth.com
http://bvuibth.com/search/?q=67e28dd86a5ef62a130aa5197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f89fa12c2ee9d
bnoodtl.com
Targets
-
-
Target
b6a8859016aab782db9383a91f4db7e4f214cfc5563e2e7cf4d0400458f1d10b
-
Size
4.6MB
-
MD5
18bcc92e8f9a9856f25ae1920086fecb
-
SHA1
2ef8646d71b688e7af06806899ea9ea003cf8e10
-
SHA256
b6a8859016aab782db9383a91f4db7e4f214cfc5563e2e7cf4d0400458f1d10b
-
SHA512
3cba741fc71e9a6bfecfc8dd8f067ecb1bd0d1956ee2be166e629a8bfecce8d4097b301f726508dea81058f928b84ea11048689b55c0495c7e0f179a54bae3db
-
SSDEEP
98304:mjtuvA9KE06SsN8zsInLFniCWjIqiq4P0bKJ9SIWkPHzgs:ZIEEesNus2Fiqq4P0KeXkz
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-