General

  • Target

    3c0e672bce0dad4ed808fc11657433c09a949dde5cb92cb6e3e9ca3b70d1ee52

  • Size

    2.0MB

  • Sample

    240315-bddybaef39

  • MD5

    7b0450a8f0f55e1a4dd87d63c89391ec

  • SHA1

    07791ca729fe8530516a30cf79537851087e838c

  • SHA256

    3c0e672bce0dad4ed808fc11657433c09a949dde5cb92cb6e3e9ca3b70d1ee52

  • SHA512

    57c388a091fb1d381d6c5b6eb903100ef598e5abdd623508407305ac91a7809230d4733a354f61b0c79c8daa373f1094ec7a72471a423544d9d433776dd33466

  • SSDEEP

    49152:32wgMX097PjZYMpO6qaO9emlnq22+Q6NzFWatjY0gKNB:mwVgrZYMG9emtq2rQ6F8atRJB

Malware Config

Extracted

Family

socks5systemz

C2

http://dtewswe.info/search/?q=67e28dd83a08f628140aae1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f271ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a678af915c6ee97

http://dixmtyi.info/search/?q=67e28dd83a5afb7a460aac4a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa49e8889b5e4fa9281ae978f771ea771795af8e05c645db22f31df92d8838ed12a666d307eca743ec4c2b07b52966923a678af915c5e895

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
