General

  • Target

    b067fc851060dcefab0f9da47d62f36ba60b6416abcfbad51d2e72d829e57838

  • Size

    4.6MB

  • Sample

    240610-kfw2cafb49

  • MD5

    3367e02ef9fd4f9cb93c20da02e31f37

  • SHA1

    789fa8a1e5d6fc1817d737100cae054b0952eca3

  • SHA256

    b067fc851060dcefab0f9da47d62f36ba60b6416abcfbad51d2e72d829e57838

  • SHA512

    637b5f8af713e8522871641b5b1a143500c40e9b7e55c8ed219e6b04b1967ce40d8ff3dcbc0bcec00203088161155ccffcb7591a2836fb852ac035334db2c91e

  • SSDEEP

    98304:mOcjJOvZVQ4kBVdivEUR9q6TeP2x3wznWTnyggAcl7H:ejJq7kBVdNEg2xAznAsH

Malware Config

  • Extracted

    Family: socks5systemz

  • C2

    bpamtqm.com
    http://bpamtqm.com/search/?q=67e28dd86a5ba0284308f94b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f071ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8eff19c4ea93

    ayidogb.ru
    http://ayidogb.ru/search/?q=67e28dd86c0ca77c400cfe4c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff711c0e7919f3f

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks