General

  • Target

    d3eed14b62ecea9cde96248df1c2d216c004c62c6e80287da6bd0b7d09952e09.exe

  • Size

    2.1MB

  • Sample

    240325-cxdmbsge81

  • MD5

    62a66a8f38b5d8c588710e33836ec461

  • SHA1

    fa4cae82470c0b230b9c78050b7634945289a7a9

  • SHA256

    d3eed14b62ecea9cde96248df1c2d216c004c62c6e80287da6bd0b7d09952e09

  • SHA512

    2606ed96f63e6648d333b112290338797b163810fc73d938816cc265deb0c088d1ff73f2c4ffcab5d35a45248dd1619327b252386c6ac5b8e0c7278602e3a916

  • SSDEEP

    49152:32pqWm1Pyj+QqyNT5i4zOi3VqfbLt/RMhUK+F4axtxM:mptIqj+M1ffFrzk48DM

Malware Config

Extracted

Family

socks5systemz

C2

http://cebvuzd.net/search/?q=67e28dd8680cf4794658a44a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4be8889b5e4fa9281ae978f571ea771795af8e05c642db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a668dfc12c6e693

http://bgpuktw.com/search/?q=67e28dd86a5cf47e155fff1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978ff71ea771795af8e05c642db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ffe12c3ec939233

http://bgpuktw.com/search/?q=67e28dd86a5cf47e155fff1a7c27d78406abdd88be4b12eab517aa5c96bd86e993854f885a8bbc896c58e713bc90c91836b5281fc235a925ed3e5cd6bd974a95129070b611e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee949938ce699e1e

Targets

    • Target

      d3eed14b62ecea9cde96248df1c2d216c004c62c6e80287da6bd0b7d09952e09.exe

    • Size

      2.1MB

    • MD5

      62a66a8f38b5d8c588710e33836ec461

    • SHA1

      fa4cae82470c0b230b9c78050b7634945289a7a9

    • SHA256

      d3eed14b62ecea9cde96248df1c2d216c004c62c6e80287da6bd0b7d09952e09

    • SHA512

      2606ed96f63e6648d333b112290338797b163810fc73d938816cc265deb0c088d1ff73f2c4ffcab5d35a45248dd1619327b252386c6ac5b8e0c7278602e3a916

    • SSDEEP

      49152:32pqWm1Pyj+QqyNT5i4zOi3VqfbLt/RMhUK+F4axtxM:mptIqj+M1ffFrzk48DM

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Detects executables packed with VMProtect.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks