General

  • Target

    baa9fc8f270eccf31e3bab307ed8d2380a842ed07c41553065bf879cef50ddc7

  • Size

    4.7MB

  • Sample

    240529-erblwsaa3z

  • MD5

    06cdd2d022325ccbc167d84ba4752cdd

  • SHA1

    5f91f2adf24c5b3a3b77a4bbb16881c3cc4989c5

  • SHA256

    baa9fc8f270eccf31e3bab307ed8d2380a842ed07c41553065bf879cef50ddc7

  • SHA512

    53dbced14ef6e7ac2730e86d015d232855d6ad2da91747ac31e810438518cbdc77fbfdd89f19774fcf07767bbf863142e5897d3618787dd6db21ff50bfecd212

  • SSDEEP

    98304:mVpOCg4KBIDJZDfDbprEVr2AyUWdFTdjJMTZ0abelXX+psC21NWePbmjwwCUUag:KKWrLbREVrqdlU0abeleSC21oVCUPg

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks