General

  • Target

    d26becc92e558dc546498843797b1a3c1c3b20d99b6cd3fcf88e0c6e7624ca77

  • Size

    2.0MB

  • Sample

    240324-rqz93sdb84

  • MD5

    0cdb90a1aadeaef6bb78fe3fc3d3300b

  • SHA1

    592924eef622d15aee1fd290b92c023e40c9e7f8

  • SHA256

    d26becc92e558dc546498843797b1a3c1c3b20d99b6cd3fcf88e0c6e7624ca77

  • SHA512

    ebe3e36862375a823e5bb9f5c4097484f040c0eb9fa857e0d25a614b2aec8317a797642875a26a51ab12defb890a3fc25edc299a0606d22b59ad527fc7542843

  • SSDEEP

    49152:32f3aT1Sfzs2xz2eAphOOlzjikYsqoRtVHtr25LVkI:mvo8soz2eAiOhYsq2125BkI

Malware Config

Extracted

Family

socks5systemz

C2

http://aaeyoje.ru/search/?q=67e28dd8685ff32d4309f94d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c647db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe13c9ef969e3e

http://boomsuz.com/search/?q=67e28dd83a0ba47b435ca84a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1ee8889b5e4fa9281ae978a071ea771795af8e05c647db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ffe13c9ef969e3f
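The two C2 URLs above share one shape: a GET to `/search/` whose only parameter is `q=` followed by roughly two hundred lowercase hex characters. The script below is an added example (not tooling from the sandbox or from the malware's operators) that pulls the hosts out of those URLs and scans proxy log lines both for the known hosts and for the generic URL shape, so a not-yet-listed domain with the same beacon format is still surfaced. The log-line format, the helper names, the `.invalid` host, the synthetic hex blob and the 128-character threshold are assumptions made for the example.

```python
"""Match proxy/HTTP logs against the Socks5Systemz C2 indicators above.

Added example, not tooling from the sandbox or the malware's operators.
Assumptions: the log-line format, the helper names, and the 128-hex-char
threshold used by the generic beacon heuristic.
"""
import re
from urllib.parse import urlparse, parse_qs

# The two C2 URLs exactly as extracted in the Malware Config section.
C2_URLS = [
    "http://aaeyoje.ru/search/?q=67e28dd8685ff32d4309f94d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c647db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe13c9ef969e3e",
    "http://boomsuz.com/search/?q=67e28dd83a0ba47b435ca84a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1ee8889b5e4fa9281ae978a071ea771795af8e05c647db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ffe13c9ef969e3f",
]

HEX_RE = re.compile(r"[0-9a-f]+")
MIN_HEX_CHARS = 128  # assumption: well below the ~200 seen above, far above any real query


def parse_c2(url):
    """Split a C2 URL into host, path and the blob carried in the q parameter."""
    u = urlparse(url)
    q = parse_qs(u.query).get("q", [""])[0]
    return {
        "host": (u.hostname or "").lower(),
        "path": u.path,
        "q": q,
        "q_is_hex": HEX_RE.fullmatch(q) is not None,
    }


C2_HOSTS = {parse_c2(u)["host"] for u in C2_URLS}


def is_beacon_shape(url):
    """Generic heuristic: GET /search/ whose sole parameter is q=<long hex>.

    Derived from the two URLs above; a real search engine receives words in q,
    not a hundred-plus bytes of hex, so the shape alone is worth hunting on.
    """
    u = urlparse(url)
    if u.path != "/search/":
        return False
    params = parse_qs(u.query, keep_blank_values=True)
    if set(params) != {"q"} or len(params["q"]) != 1:
        return False
    q = params["q"][0]
    return len(q) >= MIN_HEX_CHARS and HEX_RE.fullmatch(q) is not None


def classify(url):
    """Return 'known_c2_host', 'beacon_shape' or None for one requested URL."""
    host = (urlparse(url).hostname or "").lower()
    if host in C2_HOSTS:
        return "known_c2_host"
    if is_beacon_shape(url):
        return "beacon_shape"
    return None


# Constructed proxy log: "<timestamp> <client_ip> <method> <url> <status>".
# The third line uses a made-up host (.invalid TLD) with a synthetic hex blob
# to show the heuristic catching an unknown domain that reuses the URL shape.
SAMPLE_LOG = "\n".join([
    "2024-03-24T10:01:07Z 10.0.0.15 GET http://www.example.com/search/?q=python+tutorial 200",
    f"2024-03-24T10:01:09Z 10.0.0.15 GET {C2_URLS[0]} 200",
    f"2024-03-24T10:01:12Z 10.0.0.22 GET http://update-check.invalid/search/?q={'c0ffee' * 30} 404",
    "2024-03-24T10:01:15Z 10.0.0.22 GET https://example.com/ 200",
])


def scan_log(text):
    """Return (client_ip, host, verdict) for every log line that matches."""
    hits = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than abort the scan
        client, url = parts[1], parts[3]
        verdict = classify(url)
        if verdict:
            hits.append((client, urlparse(url).hostname, verdict))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(*hit)
```

The host match is the precise indicator; the shape match is a hunting lead and should be reviewed before it is turned into a blocking rule, since the threshold and the `/search/` path are inferred from two samples only.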

Targets

    • Target

      d26becc92e558dc546498843797b1a3c1c3b20d99b6cd3fcf88e0c6e7624ca77

    • Size

      2.0MB

    • MD5

      0cdb90a1aadeaef6bb78fe3fc3d3300b

    • SHA1

      592924eef622d15aee1fd290b92c023e40c9e7f8

    • SHA256

      d26becc92e558dc546498843797b1a3c1c3b20d99b6cd3fcf88e0c6e7624ca77

    • SHA512

      ebe3e36862375a823e5bb9f5c4097484f040c0eb9fa857e0d25a614b2aec8317a797642875a26a51ab12defb890a3fc25edc299a0606d22b59ad527fc7542843

    • SSDEEP

      49152:32f3aT1Sfzs2xz2eAphOOlzjikYsqoRtVHtr25LVkI:mvo8soz2eAiOhYsq2125BkI

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are enrolled as SOCKS5 proxy nodes that the operators sell access to.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was seen going to servers other than the resolvers configured on the system. Malware does this to bypass the local resolver or to tunnel command traffic over port 53, so the destination, not just the port, needs checking.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the WOW6432Node and HKCU equivalents) to enumerate the software installed on the system.
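The "Unexpected DNS network traffic destination" signature reduces to one check over connection records: destination port 53, destination address not in the resolver list. The script below is an added example of that logic run over constructed flow records; it is not the sandbox's own rule. The flow-record format, the resolver addresses, the sample flows and the documentation-range address standing in for the attacker host are all assumptions made for the example.

```python
"""Flag DNS-port traffic that does not go to the host's configured resolvers.

Added example illustrating the 'Unexpected DNS network traffic destination'
signature; it is not the sandbox's own rule. The flow-record format, the
resolver addresses and the sample flows are constructed for the example.
"""
import ipaddress
from collections import Counter

DNS_PORT = 53

# Resolvers handed out by DHCP on the monitored network (assumed).
CONFIGURED_RESOLVERS = {
    ipaddress.ip_address("10.0.0.2"),
    ipaddress.ip_address("10.0.0.3"),
}


def _split_endpoint(ep):
    """'10.0.0.15:51234' or '[2001:db8::1]:53' -> (ip_address, port)."""
    host, port = ep.rsplit(":", 1)
    return ipaddress.ip_address(host.strip("[]")), int(port)


def parse_flow(line):
    """Parse '<proto> <src_ip>:<port> -> <dst_ip>:<port> <bytes>'; None if malformed."""
    parts = line.split()
    if len(parts) != 5 or parts[2] != "->":
        return None
    try:
        src, sport = _split_endpoint(parts[1])
        dst, dport = _split_endpoint(parts[3])
        return {"proto": parts[0].lower(), "src": src, "sport": sport,
                "dst": dst, "dport": dport, "bytes": int(parts[4])}
    except ValueError:
        return None


def unexpected_dns(lines, resolvers=CONFIGURED_RESOLVERS):
    """Return flows on the DNS port whose destination is not a configured resolver.

    Both UDP and TCP are checked: ordinary clients rarely open TCP/53 to a
    host that is not their resolver, so those hits deserve the first look.
    """
    hits = []
    for line in lines:
        f = parse_flow(line)
        if f and f["dport"] == DNS_PORT and f["dst"] not in resolvers:
            hits.append(f)
    return hits


def summarize(hits):
    """Count unexpected destinations so the analyst sees the busiest first."""
    return Counter(str(h["dst"]) for h in hits)


# Constructed flows; 203.0.113.7 is a documentation address standing in for
# an attacker-controlled host that listens on port 53.
SAMPLE_FLOWS = """\
udp 10.0.0.15:51234 -> 10.0.0.2:53 74
udp 10.0.0.15:51235 -> 10.0.0.2:53 81
udp 10.0.0.15:51236 -> 203.0.113.7:53 63
tcp 10.0.0.15:51240 -> 203.0.113.7:53 1420
udp 10.0.0.15:51241 -> 10.0.0.3:53 70
tcp 10.0.0.15:51242 -> 198.51.100.9:443 2200
garbage line that should be skipped
"""


if __name__ == "__main__":
    found = unexpected_dns(SAMPLE_FLOWS.splitlines())
    for f in found:
        print(f"{f['proto']} {f['src']} -> {f['dst']}:{f['dport']} {f['bytes']} bytes")
    print(summarize(found))
```

On a real network the resolver set must come from the host's actual configuration (DHCP leases or the interface settings), not from a hard-coded list; a host using DNS over HTTPS will also produce no port-53 traffic at all, which this check silently accepts.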

MITRE ATT&CK Enterprise v15

Tasks