General
-
Target
f7dc47ab2da16a40b3a7406f1659c6abd51199a0bff049135fb8393670493232
-
Size
4.9MB
-
Sample
240628-rdknvswemn
-
MD5
81285421e3ff050c68cf4014834736b7
-
SHA1
9e6f1e593bbd98115bc688413e45309a6def07f9
-
SHA256
f7dc47ab2da16a40b3a7406f1659c6abd51199a0bff049135fb8393670493232
-
SHA512
5d32fe02e2f7743941cbd445c6736edd037e9700a37f2c5dd8ca4bb427579a8cf8aada28097c30c42bfa37ee57a89c6f7784398b176b96e5ce237da58057a719
-
SSDEEP
98304:CERduh761RENgubXy9dwLSNkyLLja6MjaIGCshvoUNN24DXZVPLdE4SmhF14Qx3:BRduJ0RAHyHZ+yLLjr2OCsFdNI6XZVDL
Malware Config
Targets
-
-
Target
f7dc47ab2da16a40b3a7406f1659c6abd51199a0bff049135fb8393670493232
-
Size
4.9MB
-
MD5
81285421e3ff050c68cf4014834736b7
-
SHA1
9e6f1e593bbd98115bc688413e45309a6def07f9
-
SHA256
f7dc47ab2da16a40b3a7406f1659c6abd51199a0bff049135fb8393670493232
-
SHA512
5d32fe02e2f7743941cbd445c6736edd037e9700a37f2c5dd8ca4bb427579a8cf8aada28097c30c42bfa37ee57a89c6f7784398b176b96e5ce237da58057a719
-
SSDEEP
98304:CERduh761RENgubXy9dwLSNkyLLja6MjaIGCshvoUNN24DXZVPLdE4SmhF14Qx3:BRduJ0RAHyHZ+yLLjr2OCsFdNI6XZVDL
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-