General
-
Target
ac82b4fc0893c91e7bbd49f55c60394c773065f20560a86838b6e27328bd0d63
-
Size
4.9MB
-
Sample
240701-bqe15ssakh
-
MD5
df3ab9646942241f8f3097ec8e22f312
-
SHA1
ddca2ae67957d3a7d6fdd0a9860ec90360ad5e8b
-
SHA256
ac82b4fc0893c91e7bbd49f55c60394c773065f20560a86838b6e27328bd0d63
-
SHA512
7bd87ec6a2301faffd601aa29d2c7ab3def9e838d0b646abe217035846f689006af177b1a25dfe26edbcf1408825c6fe56ea4c9abafce9acf7c41b9e5f64253f
-
SSDEEP
98304:CB7SV3Obs0aDiog6rLw22eTG72H60I0MnLdp/QGKUvM14Qx3:1Mbs0Qvgw8MGR0MLn/55MSQl
Malware Config
Targets
-
-
Target
ac82b4fc0893c91e7bbd49f55c60394c773065f20560a86838b6e27328bd0d63
-
Size
4.9MB
-
MD5
df3ab9646942241f8f3097ec8e22f312
-
SHA1
ddca2ae67957d3a7d6fdd0a9860ec90360ad5e8b
-
SHA256
ac82b4fc0893c91e7bbd49f55c60394c773065f20560a86838b6e27328bd0d63
-
SHA512
7bd87ec6a2301faffd601aa29d2c7ab3def9e838d0b646abe217035846f689006af177b1a25dfe26edbcf1408825c6fe56ea4c9abafce9acf7c41b9e5f64253f
-
SSDEEP
98304:CB7SV3Obs0aDiog6rLw22eTG72H60I0MnLdp/QGKUvM14Qx3:1Mbs0Qvgw8MGR0MLn/55MSQl
Score10/10-
Detect Socks5Systemz Payload
-
Socks5Systemz
Socks5Systemz is a botnet written in C++.
-
Detects executables packed with VMProtect.
-
Executes dropped EXE
-
Loads dropped DLL
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-