General
-
Target
2f3987424da71020d666d6fd2bc523ae04855fcec0b002bce7fdfefe6e3b5ee7
-
Size
4.9MB
-
Sample
240620-2lgbhs1blf
-
MD5
c512fe759ed097d027dcf8262808a069
-
SHA1
c2b8ff9f6ffe59e70d778540d38e6758288f8f4e
-
SHA256
2f3987424da71020d666d6fd2bc523ae04855fcec0b002bce7fdfefe6e3b5ee7
-
SHA512
6a0656bf9116fb4acb4566ee4198e75e5948c251c7a5fa198ec12f49193645e27979cd0b7e9f483ad457a159a6ac22edce211a7fe09c75472de75e03f572c56d
-
SSDEEP
98304:mEEUu8FBVbU8QBgHoCvmI1c5Yvt7stG12VgkFqUFXtuI50TsYA:znv5EyHoCk+qM1uFbuIKoYA
Malware Config
Extracted
socks5systemz
aqyokgz.ru
fibqyuv.ru
aikzgfo.ru
http://aikzgfo.ru/search/?q=67e28dd86c0ca77c400cfe4c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff718c2ec979c3f
Targets
-
-
Target
2f3987424da71020d666d6fd2bc523ae04855fcec0b002bce7fdfefe6e3b5ee7
-
Size
4.9MB
-
MD5
c512fe759ed097d027dcf8262808a069
-
SHA1
c2b8ff9f6ffe59e70d778540d38e6758288f8f4e
-
SHA256
2f3987424da71020d666d6fd2bc523ae04855fcec0b002bce7fdfefe6e3b5ee7
-
SHA512
6a0656bf9116fb4acb4566ee4198e75e5948c251c7a5fa198ec12f49193645e27979cd0b7e9f483ad457a159a6ac22edce211a7fe09c75472de75e03f572c56d
-
SSDEEP
98304:mEEUu8FBVbU8QBgHoCvmI1c5Yvt7stG12VgkFqUFXtuI50TsYA:znv5EyHoCk+qM1uFbuIKoYA
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-