General
Target: 614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656
Size: 5.4MB
Sample: 240624-f3znjayble
MD5: 17be96a2c05d884021861f344059357e
SHA1: a7be70e6355757bac17682fec674605176c7558b
SHA256: 614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656
SHA512: b4cb8c14f58a7e5aca002f36c8da3daa0ee9771d5a4551777cfdb6f23df3b8237531b5126811716bbbefa6002400d3c02883286edf092bdc0169e7df2a60711e
SSDEEP: 98304:mTYe+ESPrh6EKjnpCeAkL53jc60zQPnstuBoxo8/FuWRkX2euEFxX/4SnggmdjQs:qqrwEGpH5Vz/0zQEtlxR/FRR8FxX/pnu
Static task: static1
Behavioral task: behavioral1
  Sample: 614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656.exe
  Resource: win7-20240419-en
Behavioral task: behavioral2
  Sample: 614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656.exe
  Resource: win10-20240404-en
Malware Config
Extracted: socks5systemz
bnhzyhg.com
  http://bnhzyhg.com/search/?q=67e28dd86c0ca72e110aab177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6e8cff17c7eb95
  http://bnhzyhg.com/search/?q=67e28dd86c0ca72e110aab177c27d78406abdd88be4b12eab517aa5c96bd86eb938e4c96148ab2865b77f80ebad9c00f7cb63037ed2ab423a4334383ba915d911ec07bb606a0708720fa11b861c353baf51aba1e7242fa7023cc366689fe18c2ef939d3fcd
bfzyyod.com
  http://bfzyyod.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff613c0e9929e3b
  http://bfzyyod.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12eab517aa5c96bd86e89d864b805a8bbc896c58e713bc90c91936b5281fc235a925ed3e56d6bd974a95129070b616e96cc92be510b866db52bee348ee4c2b14a82966836f23d7f210c7ee9c983bcb689216
Targets
Target: 614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656
Size: 5.4MB
MD5: 17be96a2c05d884021861f344059357e
SHA1: a7be70e6355757bac17682fec674605176c7558b
SHA256: 614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656
SHA512: b4cb8c14f58a7e5aca002f36c8da3daa0ee9771d5a4551777cfdb6f23df3b8237531b5126811716bbbefa6002400d3c02883286edf092bdc0169e7df2a60711e
SSDEEP: 98304:mTYe+ESPrh6EKjnpCeAkL53jc60zQPnstuBoxo8/FuWRkX2euEFxX/4SnggmdjQs:qqrwEGpH5Vz/0zQEtlxR/FRR8FxX/pnu
Score: 10/10
- Detect Socks5Systemz Payload
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.