General

  • Target

    1d4fef0aeb13fcb88a828f85c2945574b9a632bcb5fbeaebdb1f7f3097ceb4ca

  • Size

    5.3MB

  • Sample

    240624-f3zcrsybld

  • MD5

    13d86bf5e6f9de48b83f23ec501135a8

  • SHA1

    1fb8edbe5861dc0444395e715ecbd261ae9b99b0

  • SHA256

    1d4fef0aeb13fcb88a828f85c2945574b9a632bcb5fbeaebdb1f7f3097ceb4ca

  • SHA512

    a57a362cf875d9474e5fd9f06698884b1919b6a53cc06d3160ce52fb770dc88aa9345cc2193456f159e52123774155e34f0f2f92e2f24f43cddfe712e27d607e

  • SSDEEP

    98304:mYMKTcH8dTsFXz5Ckd3zwntWnKyvN4uq3h1ERbuHa1szu24/HzwSTXqryVERh:xMKT/dAFj5CkdLnKiqvEhu61szutvsS0

Malware Config

Extracted

Family

socks5systemz

C2

bppldll.com

http://bppldll.com/search/?q=67e28dd83a5da32a155afd1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a271ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff613c0e9929f3f

dlkcakc.info

Targets

    • Target

      1d4fef0aeb13fcb88a828f85c2945574b9a632bcb5fbeaebdb1f7f3097ceb4ca

    • Size

      5.3MB

    • MD5

      13d86bf5e6f9de48b83f23ec501135a8

    • SHA1

      1fb8edbe5861dc0444395e715ecbd261ae9b99b0

    • SHA256

      1d4fef0aeb13fcb88a828f85c2945574b9a632bcb5fbeaebdb1f7f3097ceb4ca

    • SHA512

      a57a362cf875d9474e5fd9f06698884b1919b6a53cc06d3160ce52fb770dc88aa9345cc2193456f159e52123774155e34f0f2f92e2f24f43cddfe712e27d607e

    • SSDEEP

      98304:mYMKTcH8dTsFXz5Ckd3zwntWnKyvN4uq3h1ERbuHa1szu24/HzwSTXqryVERh:xMKT/dAFj5CkdLnKiqvEhu61szutvsS0

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks