General

  • Target

    6421c09dcb3900ca8e8af52ff11ab40fc7a4f6d0cde5f6caacc5fc5c1c594bed

  • Size

    5.5MB

  • Sample

    240529-fx73qace38

  • MD5

    a0b2e0315335733290380d724e847066

  • SHA1

    d3cdee5694b9342f281eaab88e3732df226caea6

  • SHA256

    6421c09dcb3900ca8e8af52ff11ab40fc7a4f6d0cde5f6caacc5fc5c1c594bed

  • SHA512

    734bbd334c9573deb1f5864b3d3ad558709d9c1c6f19ce264f41ee43365f688d58cd90003d564c9d2c655617930a7914e7009d0cc3bda78dd0a9f4b2b4477180

  • SSDEEP

    98304:mRydqCbdbA63Vp1IYmupvNsPS+6/qDbGy2xB8GkcYwTOtZxbM/slHHxpv:Bdzbds63V/muez6/qDboxB8GkOCt3Q0N

Malware Config

Targets

    • Target

      6421c09dcb3900ca8e8af52ff11ab40fc7a4f6d0cde5f6caacc5fc5c1c594bed

    • Size

      5.5MB

    • MD5

      a0b2e0315335733290380d724e847066

    • SHA1

      d3cdee5694b9342f281eaab88e3732df226caea6

    • SHA256

      6421c09dcb3900ca8e8af52ff11ab40fc7a4f6d0cde5f6caacc5fc5c1c594bed

    • SHA512

      734bbd334c9573deb1f5864b3d3ad558709d9c1c6f19ce264f41ee43365f688d58cd90003d564c9d2c655617930a7914e7009d0cc3bda78dd0a9f4b2b4477180

    • SSDEEP

      98304:mRydqCbdbA63Vp1IYmupvNsPS+6/qDbGy2xB8GkcYwTOtZxbM/slHHxpv:Bdzbds63V/muez6/qDboxB8GkOCt3Q0N

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks