General
-
Target
455610d86a25ab6a7af326cf522d99db06a60e36677af4dc49e31cdeab65cc7d
-
Size
5.0MB
-
Sample
240620-rrxkksscje
-
MD5
ab6e6e80dcdfe83c711802105b3d83ee
-
SHA1
4e4ab69cd0fd502225981e0164e7dc47668996a8
-
SHA256
455610d86a25ab6a7af326cf522d99db06a60e36677af4dc49e31cdeab65cc7d
-
SHA512
493f79d9703e6a6626e6e430c491fd3f78d735b6380c89938d60da3864ca473c7c5ea46f419a030982183139558262781f6f03bbc9bc67969bc0d7a1bcf4e49a
-
SSDEEP
98304:mYbhXcCOvGy3DSfp+Ye5m4ssdpIN3DigJPlmU2:LbhI+hxjvvJPlmt
Malware Config
Extracted
socks5systemz
ezjqotc.ua
bpexnxw.com
Targets
-
-
Target
455610d86a25ab6a7af326cf522d99db06a60e36677af4dc49e31cdeab65cc7d
-
Size
5.0MB
-
MD5
ab6e6e80dcdfe83c711802105b3d83ee
-
SHA1
4e4ab69cd0fd502225981e0164e7dc47668996a8
-
SHA256
455610d86a25ab6a7af326cf522d99db06a60e36677af4dc49e31cdeab65cc7d
-
SHA512
493f79d9703e6a6626e6e430c491fd3f78d735b6380c89938d60da3864ca473c7c5ea46f419a030982183139558262781f6f03bbc9bc67969bc0d7a1bcf4e49a
-
SSDEEP
98304:mYbhXcCOvGy3DSfp+Ye5m4ssdpIN3DigJPlmU2:LbhI+hxjvvJPlmt
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-