General

  • Target

    e7a0a134d787fe5cfbc5b8deef0e5fd4f9887b3c5ef037083d9ade058972e10b

  • Size

    5.3MB

  • Sample

    240624-qargkatbmd

  • MD5

    cea5312c0313b54e04fa613bee461bb4

  • SHA1

    b452ac365118898166fa5710809af9f7ace8522a

  • SHA256

    e7a0a134d787fe5cfbc5b8deef0e5fd4f9887b3c5ef037083d9ade058972e10b

  • SHA512

    9a1f539b9b1b9dfc118c55e17f37d7be9f32846f862c1fb306fb2aa9521aa72048538c9b597d0d4714f3ea036fecb3a752a775b163571a602e14fd3486c5aad6

  • SSDEEP

    98304:mcCZ/VRqsySNn+yz+SKyp2Cy32V/0nBbvTwRwd56UNL3655He99T/+n7N1+oPMct:AZCYt3SSKyDHqRvTwKH6U5qqT47KW

Malware Config

Extracted

Family

socks5systemz

C2

ebsehew.ua

http://ebsehew.ua/search/?q=67e28dd86e09a721465dff1c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f771ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff613c3eb97933f

bdxpzdx.com

http://bdxpzdx.com/search/?q=67e28dd86459a42c4009ab4e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f171ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff613c3eb979338

Targets

    • Target

      e7a0a134d787fe5cfbc5b8deef0e5fd4f9887b3c5ef037083d9ade058972e10b

    • Size

      5.3MB

    • MD5

      cea5312c0313b54e04fa613bee461bb4

    • SHA1

      b452ac365118898166fa5710809af9f7ace8522a

    • SHA256

      e7a0a134d787fe5cfbc5b8deef0e5fd4f9887b3c5ef037083d9ade058972e10b

    • SHA512

      9a1f539b9b1b9dfc118c55e17f37d7be9f32846f862c1fb306fb2aa9521aa72048538c9b597d0d4714f3ea036fecb3a752a775b163571a602e14fd3486c5aad6

    • SSDEEP

      98304:mcCZ/VRqsySNn+yz+SKyp2Cy32V/0nBbvTwRwd56UNL3655He99T/+n7N1+oPMct:AZCYt3SSKyDHqRvTwKH6U5qqT47KW

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks