General

  • Target

    3cea679c50a2d7eebb23bc5e1a92dd15f38b87107f9c5031f1e766e053086589

  • Size

    5.0MB

  • Sample

    240626-v7dzysxfqn

  • MD5

    687034dbf6ef235bd59198996644929c

  • SHA1

    a9224692677e7d5e0cbbeaa12d785c8ba721df9d

  • SHA256

    3cea679c50a2d7eebb23bc5e1a92dd15f38b87107f9c5031f1e766e053086589

  • SHA512

    82973de35cbd9d3624bfb447ab0cfafc616c9abf6705bb501e041c67cd1fd25770f9fe33888d990d4a87a03076348c4fb1bc6123e164030e6fadded7240dc927

  • SSDEEP

    98304:mMw+Z4ubKmZM/L/L2ibxNRJsPDgnS7gIOUGyAkWA+hC5LTco5cWI6:M+CH/Wib3UPDb7gIdNAkxSCNXhI6

Malware Config

Extracted

Family

socks5systemz

C2

ddwmpfz.info

http://ddwmpfz.info/search/?q=67e28dd83e0bfb2e455aa5187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ae8889b5e4fa9281ae978f171ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff615c2ec909b33

ezhkobb.ua

http://ezhkobb.ua/search/?q=67e28dd83e55f3201607a91c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff615c2ec909b3c

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks