General
-
Target
b409d205ae446b7ff2507e7ff4b5b4c9b63d76df8cbcda30407ee4d3d2bc7ff7.exe
-
Size
4.4MB
-
Sample
250318-h9azvswzez
-
MD5
eb12d8d794cf494a7c77e1b82f4305f7
-
SHA1
99e544894151cee23226915df78bed998ea9eb5b
-
SHA256
b409d205ae446b7ff2507e7ff4b5b4c9b63d76df8cbcda30407ee4d3d2bc7ff7
-
SHA512
cdc19cd890a27313eb0d287a519b4e11c2557a03da5a7b3c12a8c7fab9a21ee237b1e0051a4a68e1e771c769247d204bf325ad42c8bf2f95f446881fe11b7a92
-
SSDEEP
98304:C/cRIqQbhWAli4o8qc/Ufy/F8xlz/FS7WyXtvSe0tpQxU:WlUAly8Yy/GTk7WQ+
Malware Config
Extracted
socks5systemz
ckyooeb.net
http://ckyooeb.net/search/?q=67e28dd8685cf679160da41e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a271ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923f658cf713c8ed91
ddxderi.info
http://ddxderi.info/search/?q=67e28dd86b5bf57d470baa197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608afd13c8ed9d9b39
Targets
-
-
Target
b409d205ae446b7ff2507e7ff4b5b4c9b63d76df8cbcda30407ee4d3d2bc7ff7.exe
-
Size
4.4MB
-
MD5
eb12d8d794cf494a7c77e1b82f4305f7
-
SHA1
99e544894151cee23226915df78bed998ea9eb5b
-
SHA256
b409d205ae446b7ff2507e7ff4b5b4c9b63d76df8cbcda30407ee4d3d2bc7ff7
-
SHA512
cdc19cd890a27313eb0d287a519b4e11c2557a03da5a7b3c12a8c7fab9a21ee237b1e0051a4a68e1e771c769247d204bf325ad42c8bf2f95f446881fe11b7a92
-
SSDEEP
98304:C/cRIqQbhWAli4o8qc/Ufy/F8xlz/FS7WyXtvSe0tpQxU:WlUAly8Yy/GTk7WQ+
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Socks5systemz family
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-