General

  • Target

    02bcce4aaab02b3727f0d6f996eaae107263469e398a8796b5dc6ad15b1ecc4c

  • Size

    5.5MB

  • Sample

    240529-k2a11aac59

  • MD5

    136e2d560c5b942a93296b4a56db00ab

  • SHA1

    b16bd934bbde25e5611239bff30b280cfc6e3b02

  • SHA256

    02bcce4aaab02b3727f0d6f996eaae107263469e398a8796b5dc6ad15b1ecc4c

  • SHA512

    d4dab56a068b13799b182cdfc7aa1040a52797ee1d5b0d1bb728d231434b698fb23cc3c7349b699afd14cf2648449197aac6274389e5f6781a6fb8b23a787a8a

  • SSDEEP

    98304:m0dqE8qJ/GSiOcRrSROHRQyHuJ3i/DuHvkqhICZHZJX//U+e5S+Hj5swJ1OekULd:Xd78V5OlxyHuJ3i7uHvkMLZHZF//g5S6

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.