General

  • Target

    39e93df2b614a9be8b47a5c2b6a096c892ba51c55c2622f4293870f1e8eb7fcb

  • Size

    6.1MB

  • Sample

    240529-257b2sed54

  • MD5

    39f3f8b9cfde37e091e2a74b9625c211

  • SHA1

    04310800ac70e4d657c79b9205534ceb59838c46

  • SHA256

    39e93df2b614a9be8b47a5c2b6a096c892ba51c55c2622f4293870f1e8eb7fcb

  • SHA512

    5309e2b29a8a3f15a6cb57106f717a3ec7341b5c2a94c54e5d039a18c1d1278906f3aa3dfd9ea831040e57470f80d797fa1c75892b65049fbe384e36cec43c9a

  • SSDEEP

    196608:QYj7mcomsfzlHSFn9wU4r+DwFFhOTH4RvxZJC4+X:d7mcrsJHswqwPhcYRpZMb

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks