General
-
Target
5179029eb225a9937cc7507b084cc8418f4d84e3c99e13b5a2a0cc8fdba75bd3.exe
-
Size
6.4MB
-
Sample
241116-hwdtlawjar
-
MD5
ad01c8fa6ec2371dfd9f57200f84e13a
-
SHA1
0fb1d82d89253d853dcb0e5d66f4b0d2b067b48d
-
SHA256
5179029eb225a9937cc7507b084cc8418f4d84e3c99e13b5a2a0cc8fdba75bd3
-
SHA512
e46fb5132086fa003b36b0d73e94998e132a402a85ce18d8f02e6911e1a41946b11b77e7f214cb34c959ead6add677cb3842294c45e480580d66646b56b6368a
-
SSDEEP
98304:PX4jivxv97/nhks8jVQ9MNa3EgedZ64ymjXA7QjBMh5YwE4zwJozYyazx11:vagxvJPhks8CKaDQemzBBM4wEXoYyaR
Static task
static1
Behavioral task
behavioral1
Sample
5179029eb225a9937cc7507b084cc8418f4d84e3c99e13b5a2a0cc8fdba75bd3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
5179029eb225a9937cc7507b084cc8418f4d84e3c99e13b5a2a0cc8fdba75bd3.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
5179029eb225a9937cc7507b084cc8418f4d84e3c99e13b5a2a0cc8fdba75bd3.exe
-
Score
10/10
-
Detect Socks5Systemz Payload
-
Socks5systemz family
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-