General

  • Target

    11a23f84fb96503c20ae8720f8794bb602590e81de7f5fff68a3cca169e50a06

  • Size

    5.6MB

  • Sample

    240529-hzb46sfd39

  • MD5

    20944bb703da0ad44f271c58d2fb1da8

  • SHA1

    490083d73699eda7e2b0c0665cf2e502eed5f7cf

  • SHA256

    11a23f84fb96503c20ae8720f8794bb602590e81de7f5fff68a3cca169e50a06

  • SHA512

    4f0457373c19c56ef8eb48d34a31086b57c2851714273a4666c10c462afc0e5590d99192d3664891a7cad7e710bd0c91eb400ec175a1dcf768a6ea19a2633e2e

  • SSDEEP

    98304:mKmS398iuNgfBv8pyo8Yp+ScYBw4xB0r7F+8kCJuvYtRh/Vjp/NeMnduD:1mSD2WW8YUSri4z0r7F+5CJuvG11eMnq

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
