General

  • Target: 629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c
  • Size: 4.8MB
  • Sample: 240531-sjkrgscg69
  • MD5: 1e44c054f8c676e87c20cc2e60aa4d43
  • SHA1: 712043656c1410aff0ceaa41dacf832fa7efd94e
  • SHA256: 629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c
  • SHA512: 768b5ed11447ab1d98af7858cdca515e51f204f5258271cc8fbf8ef1116c8c1b43f89d80cc1893d25078a4485f9dc59599e2c596d2d6277f2f74796b29b09ea8
  • SSDEEP: 98304:mne2eIdS4KWwHF6gyhMrZV7yjduvPI4zyWxfGIwtyGUWO:Ke2eoKncf6rj7Ad0CWRnwQAO

Malware Config

Extracted

  • Family: socks5systemz
  • C2: bvuebwm.com, ejagbua.ua

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
