General

  • Target

    f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698

  • Size

    5.4MB

  • Sample

    240624-p3gx6asgma

  • MD5

    a4eecde6282ecffeec2423422db0daa5

  • SHA1

    6adba1b5d79e68bcb0ac9ca7998848812994684a

  • SHA256

    f7e2d5b97e4d6a54961071c6dc134d78c901a64a8e29445972fcf9be24d5b698

  • SHA512

    4406c21ada67d1614cb3a956cde5c1ad00226ffa8b544a2e1fd1b251bd30d76cbc680a9a4ca2e134acc1ec709001eae9de292e7fd2d05d5c5ecb5c287a602021

  • SSDEEP

    98304:mOgtb5WD7iUNWdSCssTPvXpk2e/tI/LvgNchnweCZUTflpg2gcnRHdDiLZf+w:ly8PpNNoX62eO/LvsAzMUTdHgeU9+w

Malware Config

Extracted

  • Family

    socks5systemz

  • C2

    bwiazjh.com

    http://bwiazjh.com/search/?q=67e28dd86e09a721465dff1c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff613c3ec909939

    dldmibc.info

    http://dldmibc.info/search/?q=67e28dd86f59a17b435afa187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978a271ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff613c3ec90993a

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15