General
-
Target
cbd3b5a0d06e58a8278d96d38d27437e9c982b2d772b415c05ca0ab3de62d0e3
-
Size
4.9MB
-
Sample
240619-vy7kxavfjb
-
MD5
81ea90ff56262cc8372cd8917008887f
-
SHA1
b7c5afa8459587348c5b9bf49220bca47a291788
-
SHA256
cbd3b5a0d06e58a8278d96d38d27437e9c982b2d772b415c05ca0ab3de62d0e3
-
SHA512
a755c69109fa3ee588bd22bbfcf458e4555b27b7115e9697dbd39e1fe64d23398111b3c5206632d265b2e6dc3f9673d8fcb2ea49065b8a212195c3a84fbc5d1e
-
SSDEEP
98304:mc6I8idG6BZJ2lTOquzmz/aNn+/hq4c5swpXCsFkhe+0giKHWDbXsk:pAidPlqgzmzyEZq4c5s1su/0giKHW/8k
Malware Config
Extracted
socks5systemz
buozzyj.com
csjugtn.net
Targets
-
-
Target
cbd3b5a0d06e58a8278d96d38d27437e9c982b2d772b415c05ca0ab3de62d0e3
-
Size
4.9MB
-
MD5
81ea90ff56262cc8372cd8917008887f
-
SHA1
b7c5afa8459587348c5b9bf49220bca47a291788
-
SHA256
cbd3b5a0d06e58a8278d96d38d27437e9c982b2d772b415c05ca0ab3de62d0e3
-
SHA512
a755c69109fa3ee588bd22bbfcf458e4555b27b7115e9697dbd39e1fe64d23398111b3c5206632d265b2e6dc3f9673d8fcb2ea49065b8a212195c3a84fbc5d1e
-
SSDEEP
98304:mc6I8idG6BZJ2lTOquzmz/aNn+/hq4c5swpXCsFkhe+0giKHWDbXsk:pAidPlqgzmzyEZq4c5s1su/0giKHW/8k
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-