General

  • Target

    c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf

  • Size

    4.5MB

  • Sample

    240607-3wefcaec21

  • MD5

    973d6ab138dff4b4d239d8875d7e314a

  • SHA1

    182db26c49c4f8e5dd59cd7f959a666a19ed25ea

  • SHA256

    c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf

  • SHA512

    7a1153e8e53d990afb5a892d11eebd50687b9ac3dda2de75ff94feebe48a7c3050a702c97bbfcf6022ad3b6d73fb0b752f2c37f79ff7d7afa024b18b878e8a32

  • SSDEEP

    98304:mbrbur4hcGNZo1IgXHLLiskD0p8TFqidiEjKjiKabQ55LcZl:ql+h1TrLJKFTRdFjuhp5LY

Malware Config

Extracted

Family

socks5systemz

C2

ejlobpi.ua

http://ejlobpi.ua/search/?q=67e28dd86c5cf27a4508ad177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff819c0eb969f33

http://ejlobpi.ua/search/?q=67e28dd86c5cf27a4508ad177c27d78406abdd88be4b12eab517aa5c96bd86ef918e4d805a8bbc896c58e713bc90c91836b5281fc235a925ed3e54d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee92923bc96c931e

ddiheep.info

http://ddiheep.info/search/?q=67e28dd83f54f37a445aab4e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4be8889b5e4fa9281ae978f671ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff819c0eb969f33

http://ddiheep.info/search/?q=67e28dd83f54f37a445aab4e7c27d78406abdd88be4b12eab517aa5c96bd86ea97844496148ab2865b77f80ebad9c30f7cb63037ed2ab423a4334383ba915d911ec07bb606a0708727e40ea678c751bbe34efb0e2807e12571c17f3e83fe16c1e89d9a3fce6a9e
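The C2 entries above all use the same shape: a plain-HTTP GET to /search/ with a long hex blob in the q parameter, and both blobs for a domain share a long common prefix. The following is an added example, not part of the sandbox report, that loads the hashes and C2 URLs listed above, measures the shared hex prefix across the four beacons, and runs a matcher over a few constructed proxy-log lines (the log format, the client addresses and the non-C2 hostnames are assumptions for illustration). It flags a request either because the host is a configured C2 domain or because it has the /search/?q=<long hex> shape on an unknown host; the second class is worth reviewing rather than blocking outright.

```python
"""IOC matching for the Socks5Systemz sample in this report.
Added example, not part of the sandbox report: the hashes and C2 URLs are
copied from the report; the proxy log lines below are constructed."""
import hashlib
import re
from urllib.parse import parse_qs, urlsplit

# File hashes from the report.
FILE_HASHES = {
    "md5": "973d6ab138dff4b4d239d8875d7e314a",
    "sha1": "182db26c49c4f8e5dd59cd7f959a666a19ed25ea",
    "sha256": "c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf",
}

# C2 URLs from the extracted config.
C2_URLS = [
    "http://ejlobpi.ua/search/?q=67e28dd86c5cf27a4508ad177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff819c0eb969f33",
    "http://ejlobpi.ua/search/?q=67e28dd86c5cf27a4508ad177c27d78406abdd88be4b12eab517aa5c96bd86ef918e4d805a8bbc896c58e713bc90c91836b5281fc235a925ed3e54d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee92923bc96c931e",
    "http://ddiheep.info/search/?q=67e28dd83f54f37a445aab4e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4be8889b5e4fa9281ae978f671ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff819c0eb969f33",
    "http://ddiheep.info/search/?q=67e28dd83f54f37a445aab4e7c27d78406abdd88be4b12eab517aa5c96bd86ea97844496148ab2865b77f80ebad9c30f7cb63037ed2ab423a4334383ba915d911ec07bb606a0708727e40ea678c751bbe34efb0e2807e12571c17f3e83fe16c1e89d9a3fce6a9e",
]

HEX_RE = re.compile(r"[0-9a-f]+")


def parse_c2(url):
    """Split a C2 URL into host, path and the hex blob carried in ?q=."""
    parts = urlsplit(url)
    q = parse_qs(parts.query).get("q", [""])[0]
    valid = len(q) % 2 == 0 and HEX_RE.fullmatch(q) is not None
    return {"host": parts.hostname, "path": parts.path, "q": q,
            "q_bytes": bytes.fromhex(q) if valid else None}


def c2_hosts():
    return {parse_c2(u)["host"] for u in C2_URLS}


def common_beacon_prefix():
    """Longest hex prefix shared by every ?q= blob in the config."""
    qs = [parse_c2(u)["q"] for u in C2_URLS]
    prefix = qs[0]
    for q in qs[1:]:
        i = 0
        while i < min(len(prefix), len(q)) and prefix[i] == q[i]:
            i += 1
        prefix = prefix[:i]
    return prefix


def classify_request(url):
    """'known_c2' for a configured C2 host, 'beacon_pattern' for the
    /search/?q=<long hex> shape on any other host, otherwise None."""
    info = parse_c2(url)
    if info["host"] in c2_hosts():
        return "known_c2"
    if (info["path"] == "/search/" and len(info["q"]) >= 64
            and HEX_RE.fullmatch(info["q"]) is not None):
        return "beacon_pattern"
    return None


# Constructed proxy log: timestamp, client, method, URL, status.
PROXY_LOG = "\n".join([
    "2024-06-07T20:11:03Z 10.0.0.12 GET http://ejlobpi.ua/search/?q=67e28dd8" + "6c" * 60 + " 200",
    "2024-06-07T20:11:09Z 10.0.0.12 GET http://search.example.test/search/?q=" + "0" * 96 + " 200",
    "2024-06-07T20:12:30Z 10.0.0.44 GET http://www.example.com/search/?q=firewall+rules 200",
    "2024-06-07T20:13:01Z 10.0.0.44 GET http://ddiheep.info/ 404",
])


def scan_proxy_log(text):
    """Return one hit per log line whose URL matches a C2 host or the beacon shape."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line: skip rather than abort the scan
        ts, client, _method, url, _status = fields[:5]
        verdict = classify_request(url)
        if verdict:
            hits.append({"ts": ts, "client": client,
                         "host": urlsplit(url).hostname, "verdict": verdict})
    return hits


def match_hashes(data):
    """Return the hash algorithms under which `data` equals the sample."""
    return {name for name, digest in FILE_HASHES.items()
            if hashlib.new(name, data).hexdigest() == digest}


if __name__ == "__main__":
    print("C2 hosts:", sorted(c2_hosts()))
    print("shared beacon prefix:", common_beacon_prefix())
    for hit in scan_proxy_log(PROXY_LOG):
        print(hit)
```

The host match is the high-confidence indicator; the shape match exists because the domains in a config like this are typically rotated, so a rule keyed only on ejlobpi.ua and ddiheep.info goes stale quickly.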

Targets

    • Target

      c33df76b76bef6d50d4a5188c8e98518ac3e1a3331206ec7fb864601f90c5bcf

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++ that turns infected hosts into SOCKS5 proxies.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53/udp or 53/tcp) to a server other than the host's configured DNS servers was detected.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system.
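The "Unexpected DNS network traffic destination" signature above reduces to one check: DNS-port flows whose destination is not one of the resolvers the host is configured to use. The following is an added example, not part of the sandbox report, that applies that check to a constructed flow log. The resolver addresses, the flow-log format and the client addresses are assumptions; the example also separates rogue internal destinations (RFC 1918 space) from external ones, since the two usually get different follow-up.

```python
"""Detection for the "Unexpected DNS network traffic destination" signature:
DNS-port flows to hosts that are not the configured resolvers.
Added example, not part of the sandbox report; the resolver list and the
flow log are constructed."""
import ipaddress
import re
from collections import Counter

# Assumed resolvers for the monitored segment (constructed).
CONFIGURED_RESOLVERS = {"10.0.0.2", "10.0.0.3"}

# RFC 1918 ranges, used to tell a rogue internal resolver from an external one.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow log: proto src:port -> dst:port packets
FLOW_LOG = """\
udp 10.0.0.12:51234 -> 10.0.0.2:53 2
udp 10.0.0.12:51235 -> 8.8.8.8:53 4
tcp 10.0.0.12:51236 -> 198.51.100.7:53 1
udp 10.0.0.12:51237 -> 10.0.0.99:53 3
tcp 10.0.0.12:51238 -> 198.51.100.7:443 1
udp 10.0.0.44:51239 -> 10.0.0.3:53 2
"""

FLOW_RE = re.compile(
    r"^(?P<proto>udp|tcp)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<packets>\d+)$")


def parse_flows(text):
    """Yield one dict per well-formed flow line; malformed lines are skipped."""
    for line in text.splitlines():
        m = FLOW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["dport"] = int(d["dport"])
        d["packets"] = int(d["packets"])
        yield d


def classify_destination(ip, resolvers=CONFIGURED_RESOLVERS):
    """'configured' for a known resolver, 'internal' for RFC 1918 space, else 'external'."""
    if ip in resolvers:
        return "configured"
    addr = ipaddress.ip_address(ip)
    return "internal" if any(addr in net for net in INTERNAL_NETS) else "external"


def unexpected_dns(text, resolvers=CONFIGURED_RESOLVERS):
    """Aggregate DNS-port flows whose destination is not a configured resolver."""
    seen = {}
    for f in parse_flows(text):
        if f["dport"] != 53:
            continue
        cls = classify_destination(f["dst"], resolvers)
        if cls == "configured":
            continue
        key = (f["src"], f["dst"])
        entry = seen.setdefault(key, {"src": f["src"], "dst": f["dst"],
                                      "class": cls, "protos": set(), "packets": 0})
        entry["protos"].add(f["proto"])
        entry["packets"] += f["packets"]
    return list(seen.values())


def summarize(text, resolvers=CONFIGURED_RESOLVERS):
    """Count unexpected DNS destinations by class."""
    return Counter(e["class"] for e in unexpected_dns(text, resolvers))


if __name__ == "__main__":
    for hit in unexpected_dns(FLOW_LOG):
        print(hit)
    print(dict(summarize(FLOW_LOG)))
```

Port 53 alone is the signal the sandbox signature uses; in a real environment, add DNS-over-TLS (853) and the configured DoH endpoints to the resolver list, or encrypted resolvers will show up here as external hits.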

MITRE ATT&CK Enterprise v15

Tasks