General

  • Target

    fe0678a16d2c979f096da9163dd94da05569d318451dc7badd2c09f10aa86be3

  • Size

    4.9MB

  • Sample

    240626-e3hvcavejf

  • MD5

    9193718b3fb1d4fd8eab303826d44101

  • SHA1

    05996443fa1dbc604e1301006daa4af08e18cc5d

  • SHA256

    fe0678a16d2c979f096da9163dd94da05569d318451dc7badd2c09f10aa86be3

  • SHA512

    89f105693453654768c7f226c8fcc59827b8556b51fd3943ac1c735d9e3e9b9f791458c8eaca5ca27ef620d8156d4eff126798e491fcbf59679b44b3250a1191

  • SSDEEP

    98304:msqQa52tC5vBQh9xkILwkFNx6b2GMtzFnb/Ikbfj8cKJ/vaCdgBZSe:pa805pcIBMH9fjTmvaECr

Malware Config

Extracted

Family

socks5systemz

C2

bhkctfx.com

bvggzud.com

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.