General

  • Target

    ef7bb8f96b97392ee285a9116f01456266a3a49d79b8489ad83455c3b4ff1f20

  • Size

    5.4MB

  • Sample

    240624-gnpepayfnc

  • MD5

    46eadbb3fbd4d7c71db9aa8c4ef522ff

  • SHA1

    362230f0afeaa0138429d02235c1ea91aa16c31d

  • SHA256

    ef7bb8f96b97392ee285a9116f01456266a3a49d79b8489ad83455c3b4ff1f20

  • SHA512

    e2e7c329d17a72206a010c8c72e8d5ebd4432c3f4eea2974340aeac22845fef5a14a23aa0631e24eb317dcefd517e7ec37d3d8f595cece306ac1634cf9da81d6

  • SSDEEP

    98304:mWZC6ahEftG8VVGlNLRFZLe3D5u3Hla1m7u95t1ElxDtFVZ3RTqG+JOS7ueQ+1MI:bBaMbGldRFZLeTIVa1cuBCno7uerWfU7

Malware Config

Extracted

Family

socks5systemz

C2

cczpdsy.net

gbuegfv.com

dtocejh.info

http://dtocejh.info/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff613c0e7939332

Targets

    • Target

      ef7bb8f96b97392ee285a9116f01456266a3a49d79b8489ad83455c3b4ff1f20


    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks