General

  • Target

    0ea34a7c588eed4991e3e550c1a5cc3b07c4f353752bf22ef99fc1377f241b32

  • Size

    5.9MB

  • Sample

    240529-2elbwsdb45

  • MD5

    4a142662b2641cf74307c3ba3986be61

  • SHA1

    b41ac6c0e0298f37c58d4a43d5de9eb77918e031

  • SHA256

    0ea34a7c588eed4991e3e550c1a5cc3b07c4f353752bf22ef99fc1377f241b32

  • SHA512

    044cf1d043ef98ea1969c4ac2b024abcf76235d35915061ef1176970b1932334245724a016be544965af9a42fbc74fcdb4fd6d22374a17a01f856b727259ec0a

  • SSDEEP

    98304:mKhJ1vF1zA57+jqWC2NKntFc9C+8fIkGM/YTSPT3VztCJgV5feALc56X+2nzT:phJ1t1c7++YNoc9tsrYWbVJeAYgPn

Targets

    • Target

      0ea34a7c588eed4991e3e550c1a5cc3b07c4f353752bf22ef99fc1377f241b32

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
