General

  • Target

    5e5fbf8bcece5b4e5071ae9a9396ebeeef1716412e846d36275257ffdccc8003

  • Size

    5.9MB

  • Sample

    240529-316emafh23

  • MD5

    a74d9f2b08fe442240ff8d837acac5f4

  • SHA1

    08d20052d1f5f977dae1f58b23202e741df19fa8

  • SHA256

    5e5fbf8bcece5b4e5071ae9a9396ebeeef1716412e846d36275257ffdccc8003

  • SHA512

    939c5f300b11f32132c123bea9a2de0040f13b9d2fffc63bc32db4be448633d9a2ddc1f8aee1b6aba06c5eebce994461e890cfbb7fbba1a5aa30778ea261cc49

  • SSDEEP

    98304:mzmi8Gpqv1drjlNxkVPkQwPfptaFn/2GbhZSrr3B7eVz+odZrduwXNt2U9l4:yz41hpNxlLPfpg5/ZhZqr3tazHZxXv14
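The hashes above are how a suspect file gets matched against this report. As an added example (not part of the report or of the sandbox), the Python below computes the four cryptographic digests the report lists, reports which indicators a byte string matches, and parses the SSDEEP signature into its block size and two chunks so the string can be sanity-checked before it is handed to a fuzzy-hash comparison tool. The only real values are the indicators copied from the report; the file path in the usage comment is hypothetical.

```python
import hashlib
import re

# Indicators copied verbatim from the report above.
REPORT_IOCS = {
    "md5": "a74d9f2b08fe442240ff8d837acac5f4",
    "sha1": "08d20052d1f5f977dae1f58b23202e741df19fa8",
    "sha256": "5e5fbf8bcece5b4e5071ae9a9396ebeeef1716412e846d36275257ffdccc8003",
    "sha512": "939c5f300b11f32132c123bea9a2de0040f13b9d2fffc63bc32db4be448633d9a2ddc1f8aee1b6aba06c5eebce994461e890cfbb7fbba1a5aa30778ea261cc49",
}
REPORT_SSDEEP = "98304:mzmi8Gpqv1drjlNxkVPkQwPfptaFn/2GbhZSrr3B7eVz+odZrduwXNt2U9l4:yz41hpNxlLPfpg5/ZhZqr3tazHZxXv14"

# ssdeep chunks use the base64 alphabet and are at most SPAMSUM_LENGTH (64) characters.
SPAMSUM_LENGTH = 64
_SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]{0,64}):([A-Za-z0-9+/]{0,64})$")


def hash_bytes(data: bytes) -> dict:
    """Return lowercase hex digests of data under the four algorithms the report lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> set:
    """Return the algorithm names whose digest equals the report's indicator.
    Case-insensitive, because hashes are often pasted in mixed case."""
    return {name for name, value in iocs.items()
            if digests.get(name, "").lower() == value.lower()}


def parse_ssdeep(signature: str) -> dict:
    """Split 'blocksize:chunk:double_chunk' and sanity-check the parts.

    ssdeep block sizes are 3 * 2**n. The initial block size is the smallest one
    with blocksize * 64 >= input length (ssdeep may halve it once if the hash comes
    out too short), so blocksize * 64 is the nominal upper bound on the input size
    and a quick consistency check against the reported file size.
    """
    m = _SSDEEP_RE.match(signature.strip())
    if not m:
        raise ValueError("not a well-formed ssdeep signature")
    blocksize = int(m.group(1))
    n = blocksize // 3
    if blocksize <= 0 or blocksize % 3 != 0 or n & (n - 1) != 0:
        raise ValueError(f"block size {blocksize} is not of the form 3 * 2**n")
    return {
        "blocksize": blocksize,
        "chunk": m.group(2),
        "double_chunk": m.group(3),
        "nominal_max_size": blocksize * SPAMSUM_LENGTH,
    }


def check_file(path: str, iocs: dict = REPORT_IOCS) -> set:
    """Hash a file on disk and return which report indicators it matches."""
    with open(path, "rb") as fh:
        return match_iocs(hash_bytes(fh.read()), iocs)


if __name__ == "__main__":
    # Constructed input: it is not the sample, so nothing matches.
    print(match_iocs(hash_bytes(b"not the sample")))  # set()
    print(parse_ssdeep(REPORT_SSDEEP))
    # check_file("/path/to/suspect.exe")  # hypothetical path; the real sample
    # would return {'md5', 'sha1', 'sha256', 'sha512'}
```

The block size 98304 gives a nominal maximum of 6,291,456 bytes, which agrees with the 5.9MB size above; a signature whose block size implies a size far from the reported one is a sign the hash was copied from a different file.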

Malware Config

Targets

    • Target

      5e5fbf8bcece5b4e5071ae9a9396ebeeef1716412e846d36275257ffdccc8003

    • Size

      5.9MB

    • MD5

      a74d9f2b08fe442240ff8d837acac5f4

    • SHA1

      08d20052d1f5f977dae1f58b23202e741df19fa8

    • SHA256

      5e5fbf8bcece5b4e5071ae9a9396ebeeef1716412e846d36275257ffdccc8003

    • SHA512

      939c5f300b11f32132c123bea9a2de0040f13b9d2fffc63bc32db4be448633d9a2ddc1f8aee1b6aba06c5eebce994461e890cfbb7fbba1a5aa30778ea261cc49

    • SSDEEP

      98304:mzmi8Gpqv1drjlNxkVPkQwPfptaFn/2GbhZSrr3B7eVz+odZrduwXNt2U9l4:yz41hpNxlLPfpg5/ZhZqr3tazHZxXv14

    • Detect Socks5Systemz Payload

    • Socks5Systemz

Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxies for the operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

Traffic on the DNS port (53) to servers other than the host's configured DNS servers was detected, which typically indicates a hard-coded resolver that bypasses the system's configured one.

    • Checks installed software on the system

Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
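The "unexpected DNS network traffic destination" signature above is a plain network-telemetry rule: any flow to port 53 whose destination is not one of the resolvers the host was configured with. As an added example that is not part of the report or of the sandbox's own detection logic, the Python below applies that rule to Zeek-style connection records. The resolver address 10.0.0.2 and the flow lines are constructed for illustration and do not come from the report.

```python
import ipaddress
from collections import Counter

DNS_PORT = 53

# Constructed Zeek conn.log-style records, tab-separated:
# ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto. Invented for this example.
SAMPLE_FLOWS = """\
1717000000.101\t10.0.0.15\t52431\t10.0.0.2\t53\tudp
1717000000.233\t10.0.0.15\t52432\t10.0.0.2\t53\tudp
1717000001.417\t10.0.0.15\t52433\t1.1.1.1\t53\tudp
1717000002.905\t10.0.0.15\t49812\t203.0.113.77\t53\ttcp
1717000003.120\t10.0.0.15\t49813\t203.0.113.77\t443\ttcp
1717000004.004\t10.0.0.15\t52434\t10.0.0.2\t853\ttcp
"""

# Resolvers the host is configured to use (constructed). CIDR notation is accepted
# so a site can allow a whole resolver pool.
CONFIGURED_DNS = ["10.0.0.2/32"]


def parse_flows(text):
    """Yield one dict per tab-separated flow line, skipping blank and comment lines."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto = line.split("\t")
        yield {
            "ts": float(ts),
            "src": ipaddress.ip_address(orig_h),
            "sport": int(orig_p),
            "dst": ipaddress.ip_address(resp_h),
            "dport": int(resp_p),
            "proto": proto.lower(),
        }


def unexpected_dns_destinations(flows, configured_dns=CONFIGURED_DNS):
    """Return flows to the DNS port whose destination is not a configured resolver.

    Both UDP and TCP 53 are matched. DoT (853) and DoH (443) are deliberately
    outside this rule: it only sees plain DNS, exactly as the signature states.
    """
    allowed = [ipaddress.ip_network(n, strict=False) for n in configured_dns]
    hits = []
    for f in flows:
        if f["dport"] != DNS_PORT:
            continue
        # Address-in-network membership returns False across IP versions, so a
        # mixed v4/v6 allow list needs no special casing.
        if any(f["dst"] in net for net in allowed):
            continue
        hits.append(f)
    return hits


def summarize(hits):
    """Count flagged flows per (destination, proto) so hard-coded resolvers stand out."""
    return Counter((str(f["dst"]), f["proto"]) for f in hits)


def detect(text=SAMPLE_FLOWS, configured_dns=CONFIGURED_DNS):
    """Parse the records and return the flagged flows."""
    return unexpected_dns_destinations(parse_flows(text), configured_dns)


if __name__ == "__main__":
    hits = detect()
    for f in hits:
        print(f"{f['ts']:.3f} {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']}/{f['proto']}")
    print(dict(summarize(hits)))
```

On the constructed input the rule flags the UDP query to 1.1.1.1 and the TCP connection to 203.0.113.77, and ignores the 443 and 853 flows; whether a public resolver such as 1.1.1.1 is legitimate depends on the environment, which is why the allow list is a parameter rather than a constant.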

MITRE ATT&CK Enterprise v15

Tasks