General
-
Target
42WFo3FaTHYyBEwuU2uDHxNr.exe
-
Size
7.6MB
-
Sample
241218-f9cscavpgw
-
MD5
98f743c21a83ff1ebb7a55b3d32ac099
-
SHA1
e715b3eb8a3518369d20012533d4cc8eb8950749
-
SHA256
e880e19545c1a04e0cced43714c2c027fa1cc8558499091dae57a3675b9fc82c
-
SHA512
5fe640e5c9b6bc9dc8ace041b20ce5b9f1190b010aeabc13e17310220ec4352e025b22d9a2ec876a83e0bf8088e4b30cd7e43dd9a47904d6df9b639bfba39452
-
SSDEEP
196608:DnIjlo7SWx8ktMWfDsRhcI76Mrmaa6t9BHKNPv/94s23rG04BbpmBj:DIhoeWxwW7sRhr6Mrmaaq9BqN3/9oZ0S
Static task
static1
Behavioral task
behavioral1
Sample
42WFo3FaTHYyBEwuU2uDHxNr.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
42WFo3FaTHYyBEwuU2uDHxNr.exe
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
42WFo3FaTHYyBEwuU2uDHxNr.exe
Score
10/10
-
Detect Socks5Systemz Payload
-
Socks5systemz family
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-