General

  • Target

    81ff59064aee2985951585849fdb1e72.exe

  • Size

    2.0MB

  • Sample

    240323-n31jtsfh23

  • MD5

    81ff59064aee2985951585849fdb1e72

  • SHA1

    86e8537fdec1a12be3a79318ef37ac8137edcbea

  • SHA256

    6e8879c7cf7985de7664ac3d756fce01503d9d18fdef1bfdafd568a4cecde171

  • SHA512

    8e7dcea7445b2f9ffd11991f700036a28f24df3d4b27b252dad829d844fefc25afdd2ce0b7112c71255421b4776b07e388d0d2f413f1177c6222b55e1fe2269d

  • SSDEEP

    49152:32wTpneykPmxLYSeue04pW3bJr7yOtXXJBdb5v/gDe7D:mwTpnHJYSupW31KQXxF3gDc

Malware Config

Extracted

Family

socks5systemz

C2

http://boqgvrr.com/search/?q=67e28dd83d5fa62d1358fa4d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a668ff614c0ec92

http://boqgvrr.com/search/?q=67e28dd83d5fa62d1358fa4d7c27d78406abdd88be4b12eab517aa5c96bd86e9918e4c875a8bbc896c58e713bc90c91836b5281fc235a925ed3e5cd6bd974a95129070b616e96cc92be20ea778c255bbe258b90d3b4eed3233d1626a8ff810c1ee9c9f3bce68

http://ceedgfm.net/search/?q=67e28dd83a5da32a155afd1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a271ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe10c9ea95993c

http://ceedgfm.net/search/?q=67e28dd83a5da32a155afd1b7c27d78406abdd88be4b12eab517aa5c96bd86ee96854f855a8bbc896c58e713bc90c91936b5281fc235a925ed3e01d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee949b32c86f9511

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
