General
-
Target
da553889332afa84bdb6903423527c25dfaef3c75b8ed17f48142ef8b49ea580
-
Size
4.9MB
-
Sample
240630-n2ewqszhrp
-
MD5
ca8d4cd535b62a107fb51e128f26c6c1
-
SHA1
387f3aa6dbc337c48ee2f058712f4f1eb42f3e2d
-
SHA256
da553889332afa84bdb6903423527c25dfaef3c75b8ed17f48142ef8b49ea580
-
SHA512
cf972761571d7da3bfb6bd0aa52ac650179ed56dc2ce21b516461313651b9961b32f77ddf5cf34072a71f6a1e50a9817e8e07abb14e41b2e738edad223ebd2a8
-
SSDEEP
98304:C1N4H2aX1PtDXytasGDRuivWe7aGKrsR3bB5gN1WKHbmjkB5sBDN6TGzY/DSYVLt:AaX1lDXz7DRupAwAVgTWKHSYHmN6HZLZ
Malware Config
Targets
-
-
Target
da553889332afa84bdb6903423527c25dfaef3c75b8ed17f48142ef8b49ea580
-
Size
4.9MB
-
MD5
ca8d4cd535b62a107fb51e128f26c6c1
-
SHA1
387f3aa6dbc337c48ee2f058712f4f1eb42f3e2d
-
SHA256
da553889332afa84bdb6903423527c25dfaef3c75b8ed17f48142ef8b49ea580
-
SHA512
cf972761571d7da3bfb6bd0aa52ac650179ed56dc2ce21b516461313651b9961b32f77ddf5cf34072a71f6a1e50a9817e8e07abb14e41b2e738edad223ebd2a8
-
SSDEEP
98304:C1N4H2aX1PtDXytasGDRuivWe7aGKrsR3bB5gN1WKHbmjkB5sBDN6TGzY/DSYVLt:AaX1lDXz7DRupAwAVgTWKHSYHmN6HZLZ
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-