Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    4fa524896f7acb979cb8900b03479272.exe

  • Size

    5.0MB

  • Sample

    240613-wlvw1s1fpn

  • MD5

    4fa524896f7acb979cb8900b03479272

  • SHA1

    d051e47915937d64fb6fcd4a3640c345ad892a18

  • SHA256

    7f2e61445c1de7e7f873e136d65e79c54aef5c91fc9239286d198162779312d0

  • SHA512

    8ff818f1a2a3f149bc93d1ba6998a32e3985f1c0bc5ef9f60b2b19ee346982c85ec895db0e9195dd00635d5ce61d9de33e6b896d4ca7e0eab02be6e23b39743d

  • SSDEEP

    98304:m+29v/40m11zG86IPCx1aB1XGLIxbPvEeQ2bwRwgJbwqaHoyMf3j3RDRe:bSv/4l1pz6laBYIJnPsag+qaHoFRD0

Malware Config

Extracted

Family

socks5systemz

C2

bdllgev.com

http://bdllgev.com/search/?q=67e28dd86f5ff42d4509ac187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dff10c7eb97

boltsoe.com

http://boltsoe.com/search/?q=67e28dd83a5da32a155afd1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a271ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff712c0ee929e3a

Targets

    • Target

      4fa524896f7acb979cb8900b03479272.exe

    • Size

      5.0MB

    • MD5

      4fa524896f7acb979cb8900b03479272

    • SHA1

      d051e47915937d64fb6fcd4a3640c345ad892a18

    • SHA256

      7f2e61445c1de7e7f873e136d65e79c54aef5c91fc9239286d198162779312d0

    • SHA512

      8ff818f1a2a3f149bc93d1ba6998a32e3985f1c0bc5ef9f60b2b19ee346982c85ec895db0e9195dd00635d5ce61d9de33e6b896d4ca7e0eab02be6e23b39743d

    • SSDEEP

      98304:m+29v/40m11zG86IPCx1aB1XGLIxbPvEeQ2bwRwgJbwqaHoyMf3j3RDRe:bSv/4l1pz6laBYIJnPsag+qaHoFRD0

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks