General
-
Target
f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698
-
Size
5.4MB
-
Sample
240624-p3gx6asgma
-
MD5
a4eecde6282ecffeec2423422db0daa5
-
SHA1
6adba1b5d79e68bcb0ac9ca7998848812994684a
-
SHA256
f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698
-
SHA512
4406c21ada67d1614cb3a956cde5c1ad00226ffa8b544a2e1fd1b251bd30d76cbc680a9a4ca2e134acc1ec709001eae9de292e7fd2d05d5c5ecb5c287a602021
-
SSDEEP
98304:mOgtb5WD7iUNWdSCssTPvXpk2e/tI/LvgNchnweCZUTflpg2gcnRHdDiLZf+w:ly8PpNNoX62eO/LvsAzMUTdHgeU9+w
Static task
static1
Behavioral task
behavioral1
Sample
f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral2
Sample
f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698.exe
Resource
win11-20240508-en
Malware Config
Extracted
socks5systemz
bwiazjh.com
http://bwiazjh.com/search/?q=67e28dd86e09a721465dff1c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff613c3ec909939
dldmibc.info
http://dldmibc.info/search/?q=67e28dd86f59a17b435afa187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978a271ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff613c3ec90993a
Targets
-
-
Target
f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698
-
Size
5.4MB
-
MD5
a4eecde6282ecffeec2423422db0daa5
-
SHA1
6adba1b5d79e68bcb0ac9ca7998848812994684a
-
SHA256
f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698
-
SHA512
4406c21ada67d1614cb3a956cde5c1ad00226ffa8b544a2e1fd1b251bd30d76cbc680a9a4ca2e134acc1ec709001eae9de292e7fd2d05d5c5ecb5c287a602021
-
SSDEEP
98304:mOgtb5WD7iUNWdSCssTPvXpk2e/tI/LvgNchnweCZUTflpg2gcnRHdDiLZf+w:ly8PpNNoX62eO/LvsAzMUTdHgeU9+w
Score10/10-
Detect Socks5Systemz Payload
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-