General

  • Target

    448d84336c0efefb600f40b8bd9d08e12e0768296bd380002d14c3cc49642e0f

  • Size

    4.8MB

  • Sample

    240529-b2m6wsea68

  • MD5

    29e2afca75c3ee557cad06eb50c30201

  • SHA1

    deb5d4686ff0a31b83adafdf0c838281a60960f3

  • SHA256

    448d84336c0efefb600f40b8bd9d08e12e0768296bd380002d14c3cc49642e0f

  • SHA512

    244b490d970957b848df4d835e69b910c8125d701c058f0ee53afae31a55673c6b97d8d1cfa71182639e930f7a0cbb32e78760ac05631fd9212d219df901c3e7

  • SSDEEP

    98304:muFzEAcCCUg5yGNYGt8quaX3lr/CEyHoYJwGv3/e/sZJn9Yv:H4eGdt86VDY3/isZjg

Malware Config

Targets

    • Target

      448d84336c0efefb600f40b8bd9d08e12e0768296bd380002d14c3cc49642e0f

    • Size

      4.8MB

    • MD5

      29e2afca75c3ee557cad06eb50c30201

    • SHA1

      deb5d4686ff0a31b83adafdf0c838281a60960f3

    • SHA256

      448d84336c0efefb600f40b8bd9d08e12e0768296bd380002d14c3cc49642e0f

    • SHA512

      244b490d970957b848df4d835e69b910c8125d701c058f0ee53afae31a55673c6b97d8d1cfa71182639e930f7a0cbb32e78760ac05631fd9212d219df901c3e7

    • SSDEEP

      98304:muFzEAcCCUg5yGNYGt8quaX3lr/CEyHoYJwGv3/e/sZJn9Yv:H4eGdt86VDY3/isZjg

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks