General

  • Target

    767099a416020f7aecd266dc40686e3a863d3e195097877fcb45e4bd13e3f2fb

  • Size

    5.5MB

  • Sample

    240624-f6mhda1hkj

  • MD5

    d1990f87bdd069225ccbe805b7125cce

  • SHA1

    913b3caf6ceb1f01caf8d960ad07c0c846389e27

  • SHA256

    767099a416020f7aecd266dc40686e3a863d3e195097877fcb45e4bd13e3f2fb

  • SHA512

    4a4f884063c9a72ee49eb57d55ab8befdbd416f66f995322e5cf5073070e82b424e725517818d5196a73660fb79e98ea98015bc7667aea6be994b1a963c95cef

  • SSDEEP

    98304:mwFRakzDi7qhZFd8yPb/i0r4sDar5ZW5qGiibCIC1dNtEINgyh/daEjvMczj/bse:jFRakzGWhGGb8sDar54qGiUC91hEeg4L

Malware Config

Extracted

Family

socks5systemz

C2

ddosadb.info

http://ddosadb.info/search/?q=67e28dd86f54a728120ffa1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6e8cff16c0ee93

ebimnde.ua

http://ebimnde.ua/search/?q=67e28dd86809f27b415ba51b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1de8889b5e4fa9281ae978a771ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff613c0e8959b3f

Targets

    • Target

      767099a416020f7aecd266dc40686e3a863d3e195097877fcb45e4bd13e3f2fb

    • Size

      5.5MB

    • MD5

      d1990f87bdd069225ccbe805b7125cce

    • SHA1

      913b3caf6ceb1f01caf8d960ad07c0c846389e27

    • SHA256

      767099a416020f7aecd266dc40686e3a863d3e195097877fcb45e4bd13e3f2fb

    • SHA512

      4a4f884063c9a72ee49eb57d55ab8befdbd416f66f995322e5cf5073070e82b424e725517818d5196a73660fb79e98ea98015bc7667aea6be994b1a963c95cef

    • SSDEEP

      98304:mwFRakzDi7qhZFd8yPb/i0r4sDar5ZW5qGiibCIC1dNtEINgyh/daEjvMczj/bse:jFRakzGWhGGb8sDar54qGiUC91hEeg4L

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks