General

  • Target

    f3d92e34c7d5708a8906e6f76efff9c2caa17a51d111849ef1ebf7a7d85e00f1

  • Size

    5.6MB

  • Sample

    240529-gf7lascd2v

  • MD5

    ddf33cb8f71c9ab2c693a713d7e72959

  • SHA1

    90259333c16d774ab8529e3bf85196aa99106ac1

  • SHA256

    f3d92e34c7d5708a8906e6f76efff9c2caa17a51d111849ef1ebf7a7d85e00f1

  • SHA512

    2db0fecf7d974bd5783ea04565ed994f7d9fc622c32fd6689b96c14c0575993c5291160123de4b273a4ea46d4f789fe72a1302200fbd1c547376053303726734

  • SSDEEP

    98304:mlB8+geMOI3eEa4YjpFrLbhoazERFnM2EBphFkXAZA/xxBFi8xb:YB8M5EhEFrHuasM2XXAZA/H68d

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks