General

  • Target: 72c9c78af1bcef44f131becb89ca8388.bin

  • Size: 2.2MB

  • Sample: 240325-cs1lasgd7z

  • MD5: 9bd4e59f42396330103cb441f54c22db

  • SHA1: fcdbb6b423d4141cd39bf900c7b486f2a41cc4df

  • SHA256: d3070ae100f7b1fc897c06e54da231ce81806ba38c10b67b3391572fed9cc7a6

  • SHA512: f42730d9ba457f8b9649a8084a8a87b434a5f478c70d35f24bb702511456a727e16d1e53a655a31f408c5d9cd8e906179945f4496507bd8fe963c4854c2a382b

  • SSDEEP: 49152:LRu2SMmDf2HSD6JYnuiXsTYvwh5X/LhQeMJO0hs:Fu2SPq26K1vwh5X/L2Aks

Malware Config

Extracted

  • Family: socks5systemz

  • C2: http://buicniz.com/search/?q=67e28dd86e58a42e450ca94d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe12c3ec969e33

Targets

    • Target: 19f878573535fd072225a06e5fc283bc9925a79df1b795c25d6a01605966b4c5.exe

    • Size: 2.2MB

    • MD5: 72c9c78af1bcef44f131becb89ca8388

    • SHA1: 9872f5fb908841d9fa25c38adb995bfcd392149b

    • SHA256: 19f878573535fd072225a06e5fc283bc9925a79df1b795c25d6a01605966b4c5

    • SHA512: 4e1c01064dbaad273b481382a8e26686a6da26f67926f0952deb25a0eca0e1275bab38b97bf7bcc484cdbf3f0141dd0612d8a2c72c21062af92c34f06dd38db0

    • SSDEEP: 49152:324u9cVTBk4TTJnFFwcDPM1lvmUG6jmnyienM7svXncfe0fKdqSRehM:m4umV6QTJnFTY102jmyfM7sv+e0AqS0a

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks