General
- Target: d9550d4c11681861c7596334d1c63398826b790751aede4f68edb3f605f627a6.exe
- Size: 4.2MB
- Sample: 250318-k2saaayve1
- MD5: dbe938c4fef8fcae971266c23d42a2fc
- SHA1: a53ad1315357a46aa2f00dbedf94290e57eef552
- SHA256: d9550d4c11681861c7596334d1c63398826b790751aede4f68edb3f605f627a6
- SHA512: ed85a568fe819a3b4a3d8e517eccacb3dfc817c7c2db0219b2ec603b5e909724daab3d04f83adae5195600fadf561f4357c695f94ce8f02d6ad2fd2bcc4ae4ca
- SSDEEP: 98304:yiibCndb76PZdLIC5z6rMEkqhlzFwp4VLQZoPabJml8eNnik0kn:3i2ndbq3L7dulhlzCOVUUiOvNik0S
- Static task: static1
- Behavioral task: behavioral1 (Sample: d9550d4c11681861c7596334d1c63398826b790751aede4f68edb3f605f627a6.exe; Resource: win7-20250207-en)
- Behavioral task: behavioral2 (Sample: d9550d4c11681861c7596334d1c63398826b790751aede4f68edb3f605f627a6.exe; Resource: win10v2004-20250314-en)
Malware Config
Extracted: socks5systemz
- dlgxotf.info
  http://dlgxotf.info/search/?q=67e28dd86d58f479430aac1c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978f071ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923f658cf719c8ec90
- bvfmyvr.com
  http://bvfmyvr.com/search/?q=67e28dd83e0ff02f4208ac167c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608afd13c8e79d9938
Targets
- Target: d9550d4c11681861c7596334d1c63398826b790751aede4f68edb3f605f627a6.exe
- Size: 4.2MB
Score: 10/10
- Detect Socks5Systemz Payload
- Socks5systemz family
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.