General

  • Target

    575b492dde6a22eb32d5bb2c146054a0_NEIKI

  • Size

    4.0MB

  • Sample

    240508-z3gmhaad22

  • MD5

    575b492dde6a22eb32d5bb2c146054a0

  • SHA1

    b508611429e8e63a87c6e47459ee72917a82a091

  • SHA256

    211c254f45f6fb09fe27227a46fe7f4cccfb3468362acc250fa2db0197d60886

  • SHA512

    140d8827182fa99d5545995003a09322e10da4a4f64616c231eb070fc982b0b64c99708492a2e25fa9cd172791d80e300aa2f986e3804728553badb633e694e6

  • SSDEEP

    98304:AdL9xWLs1Esvx3VRy2XOwnqoQyVHXoblgL74+7e:AzwM5S2X9qM3oqLU+7e

Malware Config

Extracted

Family

socks5systemz

C2

51.159.66.125

217.23.6.51

151.80.38.159

217.23.9.168

37.187.122.227

Attributes

  • rc4_key

    heyfg645fdhwi

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks