General
-
Target
1192d6692bcfbafedfaeee6475ae3415a9f8591aaef9669fe2e62996062f051f
-
Size
5.4MB
-
Sample
240712-tzjd2atcrf
-
MD5
e417abcb47a3fe67d8777c07ca92bdda
-
SHA1
7500bb655fbaa46886a4260b2527232427a14ec1
-
SHA256
1192d6692bcfbafedfaeee6475ae3415a9f8591aaef9669fe2e62996062f051f
-
SHA512
7d8434dcf9ac841be8d38891a6e39bc3e2dbb825acd67597f095516547526b6fdbdc239abd47285461c3048d8f119373784beda86fdd73f2601f98334a30ae7f
-
SSDEEP
98304:CJMfPVQt5br5bR9rLzcSIgSC/YRDU4tlFJO3z5FSQxPPb:Kh5xLz5MC/YRvPO3ziQpj
Malware Config
Targets
-
-
Target
1192d6692bcfbafedfaeee6475ae3415a9f8591aaef9669fe2e62996062f051f
-
Size
5.4MB
-
MD5
e417abcb47a3fe67d8777c07ca92bdda
-
SHA1
7500bb655fbaa46886a4260b2527232427a14ec1
-
SHA256
1192d6692bcfbafedfaeee6475ae3415a9f8591aaef9669fe2e62996062f051f
-
SHA512
7d8434dcf9ac841be8d38891a6e39bc3e2dbb825acd67597f095516547526b6fdbdc239abd47285461c3048d8f119373784beda86fdd73f2601f98334a30ae7f
-
SSDEEP
98304:CJMfPVQt5br5bR9rLzcSIgSC/YRDU4tlFJO3z5FSQxPPb:Kh5xLz5MC/YRvPO3ziQpj
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-