General

  • Target: 6e08ed3b9a5575b1eb4501fa28a9b0fa9f022dbd459de13d6a164f67418ad0c5
  • Size: 2.0MB
  • Sample: 240323-stchvsbe8t
  • MD5: 245feb1863027e245b3de9957ae20ae6
  • SHA1: 17ca0ff141577f13e1c5194c03f49c894037a709
  • SHA256: 6e08ed3b9a5575b1eb4501fa28a9b0fa9f022dbd459de13d6a164f67418ad0c5
  • SHA512: 0f0470294de37c2988c66b0268f85108e5c4f641d6df0beba6198e1d60401fd992929c158f20aacc515af192af1a2ca2a27cf8f4a599fd840c38010c5b19c2e9
  • SSDEEP: 49152:326cyROWJGguankmaHmFxdPr9Pz/I4pHCH:mFyLYAkmaGBPJzCH

Malware Config

Extracted

  • Family: socks5systemz
  • C2:
    http://bdzdhvc.com/search/?q=67e28dd86c0ea7794406f94d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f671ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe13c0e8909e3a
    http://bwwkjni.com/search/?q=67e28dd83a58f22a160bab1e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a071ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ffe13c0e8909e39

Targets

    • Target: 6e08ed3b9a5575b1eb4501fa28a9b0fa9f022dbd459de13d6a164f67418ad0c5
    • Size: 2.0MB
    • MD5: 245feb1863027e245b3de9957ae20ae6
    • SHA1: 17ca0ff141577f13e1c5194c03f49c894037a709
    • SHA256: 6e08ed3b9a5575b1eb4501fa28a9b0fa9f022dbd459de13d6a164f67418ad0c5
    • SHA512: 0f0470294de37c2988c66b0268f85108e5c4f641d6df0beba6198e1d60401fd992929c158f20aacc515af192af1a2ca2a27cf8f4a599fd840c38010c5b19c2e9
    • SSDEEP: 49152:326cyROWJGguankmaHmFxdPr9Pz/I4pHCH:mFyLYAkmaGBPJzCH

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks