General

  • Target

    614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656

  • Size

    5.4MB

  • Sample

    240624-f3znjayble

  • MD5

    17be96a2c05d884021861f344059357e

  • SHA1

    a7be70e6355757bac17682fec674605176c7558b

  • SHA256

    614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656

  • SHA512

    b4cb8c14f58a7e5aca002f36c8da3daa0ee9771d5a4551777cfdb6f23df3b8237531b5126811716bbbefa6002400d3c02883286edf092bdc0169e7df2a60711e

  • SSDEEP

    98304:mTYe+ESPrh6EKjnpCeAkL53jc60zQPnstuBoxo8/FuWRkX2euEFxX/4SnggmdjQs:qqrwEGpH5Vz/0zQEtlxR/FRR8FxX/pnu

Malware Config

Extracted

Family

socks5systemz

C2

bnhzyhg.com

http://bnhzyhg.com/search/?q=67e28dd86c0ca72e110aab177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6e8cff17c7eb95

http://bnhzyhg.com/search/?q=67e28dd86c0ca72e110aab177c27d78406abdd88be4b12eab517aa5c96bd86eb938e4c96148ab2865b77f80ebad9c00f7cb63037ed2ab423a4334383ba915d911ec07bb606a0708720fa11b861c353baf51aba1e7242fa7023cc366689fe18c2ef939d3fcd

bfzyyod.com

http://bfzyyod.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff613c0e9929e3b

http://bfzyyod.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12eab517aa5c96bd86e89d864b805a8bbc896c58e713bc90c91936b5281fc235a925ed3e56d6bd974a95129070b616e96cc92be510b866db52bee348ee4c2b14a82966836f23d7f210c7ee9c983bcb689216
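Both C2 domains above are contacted with the same request shape, GET /search/?q=&lt;long lowercase hex blob&gt;, and the config already shows the blob varying per request. The following is an added example, not part of the sandbox report or the malware's own code: a small proxy-log scanner that flags a request either because its host is one of the two listed domains or because its URL has that beacon shape on a host not yet on the list. The log lines, the client address, the lookalike host and the 120-character hex floor are all constructed assumptions; the first URL is copied from the config above.

```python
import re
from typing import Iterable, List, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# C2 domains from the extracted config above.
C2_DOMAINS = {"bnhzyhg.com", "bfzyyod.com"}

# Every beacon in the config has the same shape: GET /search/?q=<lowercase hex>
# with q around 190 hex characters. The 120-character floor is an assumption
# chosen to stay clear of ordinary site-search queries.
MIN_HEX_LEN = 120
HEX_RE = re.compile(r"[0-9a-f]+")


def classify(url: str) -> Optional[str]:
    """Return 'ioc-domain', 'beacon-pattern' or None for one request URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in C2_DOMAINS:
        return "ioc-domain"           # exact indicator from the config, any path
    if parts.path == "/search/":
        q = parse_qs(parts.query).get("q", [""])[0]
        if len(q) >= MIN_HEX_LEN and HEX_RE.fullmatch(q):
            return "beacon-pattern"   # same shape, host not yet on the list
    return None


# First beacon URL from the extracted config above (kept exactly as listed).
REPORT_BEACON = "http://bnhzyhg.com/search/?q=67e28dd86c0ca72e110aab177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6e8cff17c7eb95"

# Constructed proxy log, "<ts> <client> <method> <url>" per line (not from the report).
PROXY_LOG = [
    "2024-06-24T14:03:11Z 10.0.0.15 GET " + REPORT_BEACON,
    "2024-06-24T14:03:12Z 10.0.0.15 GET http://www.example.com/search/?q=python+tutorial",
    "2024-06-24T14:03:14Z 10.0.0.15 GET http://cdn-lookalike.example.net/search/?q=" + "ab" * 80,
    "2024-06-24T14:03:15Z 10.0.0.15 GET http://bfzyyod.com/",
    "2024-06-24T14:03:16Z 10.0.0.15 GET http://example.org/index.html",
]


def scan(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Return (client, url, verdict) for every log line that matches either rule."""
    hits = []
    for line in lines:
        _ts, client, _method, url = line.split(maxsplit=3)
        verdict = classify(url)
        if verdict:
            hits.append((client, url, verdict))
    return hits


if __name__ == "__main__":
    for client, url, verdict in scan(PROXY_LOG):
        print(f"{verdict:15} {client} {url[:60]}")
```

The domain rule fires on any path, so a bare request to bfzyyod.com is still a hit; the shape rule is what catches the next rotated domain, and its hex floor is the knob to tune against your own proxy data before deploying it. Note that the URLs in the config are not defanged; handle them as live indicators.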

Targets

    • Target

      614d23dede8ace88076a74666eb445f9400e164e064fb28f0389f87814b52656

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: the bot turns the infected host into a SOCKS5 proxy node and beacons to its C2 with the GET /search/?q=&lt;hex&gt; requests listed in the extracted config above.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on port 53 (UDP or TCP) to a host other than the DNS resolver configured for the analysis VM. Typical causes are a hard-coded public resolver or DNS being used as a transport to an attacker-controlled server; encrypted DNS over port 443 is not covered by this check.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU equivalents), the location Add/Remove Programs reads, to list installed software. Malware commonly does this to spot security products or analysis tools before proceeding.
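The "Unexpected DNS network traffic destination" signature above is derived from the sandbox's packet capture. As an added example, not the sandbox's own signature code, here is the same check run over connection records: anything on port 53 whose responder is not one of the VM's configured resolvers is reported, grouped by destination and protocol. The records are constructed in a Zeek conn.log-like tab-separated layout (a subset of the real columns), and the resolver address 10.0.0.2 is an assumption about the analysis VM.

```python
import ipaddress
from typing import Dict, Iterable, Iterator, Tuple

# Resolver the analysis VM is configured to use (assumption for this example).
CONFIGURED_RESOLVERS = {"10.0.0.2"}

# Constructed records, not from the report. Columns (a subset of Zeek conn.log):
# ts  uid  id.orig_h  id.orig_p  id.resp_h  id.resp_p  proto
CONN_LOG = """\
1719237791.10\tC1a\t10.0.0.15\t51234\t10.0.0.2\t53\tudp
1719237791.35\tC1b\t10.0.0.15\t51235\t8.8.8.8\t53\tudp
1719237792.02\tC1c\t10.0.0.15\t51236\t203.0.113.7\t53\ttcp
1719237792.40\tC1d\t10.0.0.15\t51237\t203.0.113.7\t80\ttcp
1719237793.11\tC1e\t10.0.0.15\t51238\t8.8.8.8\t53\tudp
"""


def parse_conn(text: str) -> Iterator[dict]:
    """Yield one dict per record; blank and '#'-prefixed header lines are skipped."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        ts, uid, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")
        yield {
            "ts": float(ts), "uid": uid,
            "orig_h": orig_h, "orig_p": int(orig_p),
            "resp_h": resp_h, "resp_p": int(resp_p),
            "proto": proto,
        }


def unexpected_dns(records: Iterable[dict], resolvers: Iterable[str]) -> Dict[Tuple[str, str], int]:
    """Count port-53 flows whose responder is not a configured resolver, keyed by (resp_h, proto).

    Addresses are compared as ipaddress objects so textual variants of the same
    address (e.g. IPv6 spelling differences) do not slip past the allow-list.
    """
    allowed = {ipaddress.ip_address(r) for r in resolvers}
    counts: Dict[Tuple[str, str], int] = {}
    for rec in records:
        if rec["resp_p"] != 53 or rec["proto"] not in ("udp", "tcp"):
            continue
        if ipaddress.ip_address(rec["resp_h"]) in allowed:
            continue
        key = (rec["resp_h"], rec["proto"])
        counts[key] = counts.get(key, 0) + 1
    return counts


def report(text: str = CONN_LOG, resolvers: Iterable[str] = CONFIGURED_RESOLVERS) -> Dict[Tuple[str, str], int]:
    """Convenience wrapper: parse the log text and apply the check."""
    return unexpected_dns(parse_conn(text), resolvers)


if __name__ == "__main__":
    for (host, proto), n in sorted(report().items()):
        print(f"{host}/{proto}: {n} flow(s) on port 53 outside the configured resolvers")
```

On the constructed records this reports 8.8.8.8/udp twice and 203.0.113.7/tcp once; the port-80 flow to the same host is ignored because the check is about the DNS port, not the destination. A TCP/53 connection to a non-resolver is the more interesting of the two, since ordinary clients rarely use TCP for resolution and it is a common sign of DNS used as a tunnel.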

MITRE ATT&CK Enterprise v15

Tasks