General

  • Target

    399b8c6fa6476056ffc0b6fc7ea4c7a8fa1992c9c827bfa1d82970be733f6b0c

  • Size

    5.7MB

  • Sample

    240529-kc94sshc93

  • MD5

    01b182523dfae07e4dfe4935e3d1876b

  • SHA1

    7aac48e0a38bd686dbe6b29494257ce5f9b20c2f

  • SHA256

    399b8c6fa6476056ffc0b6fc7ea4c7a8fa1992c9c827bfa1d82970be733f6b0c

  • SHA512

    8b11a488b30a28984cc3745baafe0c555706f8362088751595215f15bd878ce4144f13d9767153bef4b3236de022262abb620994f9e960ad3dc6f4bde198985d

  • SSDEEP

    98304:mi1/nlHMpa1IuW54dr3lk9e5wY5lWwkZQ8Pxqo+drpQvw11hTsiAmroXH9D:719speIb541lkc5wNl1Pxq3rhyiZroXt

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks