General

  • Target

    2e88345ca0276555d6be3aa117f521c72fd966d12f91dcbd85963e0fe9d68610

  • Size

    5.4MB

  • Sample

    240624-gmy8hayfmc

  • MD5

    49bd3637cac2196f55f0c3b35b50e4d9

  • SHA1

    20e2c3f5c0c82103bbf8e205e7dab42011d0f420

  • SHA256

    2e88345ca0276555d6be3aa117f521c72fd966d12f91dcbd85963e0fe9d68610

  • SHA512

    6373b594c0da25e1456d1005fd52c5ad9f80da9933641fa56592cd14277813e19379dbc0dda9d2de6f1493253dca7010da18d90c4fe6406581b2e717e78c1d6c

  • SSDEEP

    98304:m6M60qgQqye20qQNH5A/NHjaz3GdUkXnvCorx84inw2mWrmauffidH:DLe2Ob+DaTGpCTnw/WrSfyH

Malware Config

Extracted

Family

socks5systemz

C2

ddluwcb.info

bwuvuhs.com

Targets

    • Target

      2e88345ca0276555d6be3aa117f521c72fd966d12f91dcbd85963e0fe9d68610

    • Size

      5.4MB

    • MD5

      49bd3637cac2196f55f0c3b35b50e4d9

    • SHA1

      20e2c3f5c0c82103bbf8e205e7dab42011d0f420

    • SHA256

      2e88345ca0276555d6be3aa117f521c72fd966d12f91dcbd85963e0fe9d68610

    • SHA512

      6373b594c0da25e1456d1005fd52c5ad9f80da9933641fa56592cd14277813e19379dbc0dda9d2de6f1493253dca7010da18d90c4fe6406581b2e717e78c1d6c

    • SSDEEP

      98304:m6M60qgQqye20qQNH5A/NHjaz3GdUkXnvCorx84inw2mWrmauffidH:DLe2Ob+DaTGpCTnw/WrSfyH

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks