General

  • Target

    992e20118d0e63c79c0d88e1466a53f06d9cb7da1fa380be989004a828db0d19

  • Size

    5.7MB

  • Sample

    240529-lgkv5sah33

  • MD5

    2fe9bf623223761484463b14830fab66

  • SHA1

    fa85b24db29280f9e4d7f1e8833371e74d377ae9

  • SHA256

    992e20118d0e63c79c0d88e1466a53f06d9cb7da1fa380be989004a828db0d19

  • SHA512

    df1b973c83f53d66b96cf742bc95e36144691c1f628cd2b383615190e04cd42f985c788e1b920252afb271f0158b3e698ad632ad52f1caeb35637f48e2686e87

  • SSDEEP

    98304:m4/9joS/UJ+2/uVYADdJDnekwMDPaDPfN0x6GbrTeeCuBou6k2MH8D:5/9jbU+2WVYaXDek/DPaD90rie9P6Xb
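Before working from this report, confirm that the sample you actually hold is the one it describes. The following Python script is an added example, not part of the Triage report: it streams a file through the four stdlib digests, compares them with the values in the General section, and checks the report's own consistency (the Target name here is the SHA256). SSDEEP is left out because it needs a third-party package (such as ssdeep or ppdeep).

```python
"""Verify a downloaded sample against the digests in this report.

Added example, not code from the Triage report. REPORT is copied from the
General section above; the b"abc" digests used in testing are constructed.
"""
import hashlib

REPORT = {
    "Target": "992e20118d0e63c79c0d88e1466a53f06d9cb7da1fa380be989004a828db0d19",
    "MD5": "2fe9bf623223761484463b14830fab66",
    "SHA1": "fa85b24db29280f9e4d7f1e8833371e74d377ae9",
    "SHA256": "992e20118d0e63c79c0d88e1466a53f06d9cb7da1fa380be989004a828db0d19",
    "SHA512": "df1b973c83f53d66b96cf742bc95e36144691c1f628cd2b383615190e04cd42f"
              "985c788e1b920252afb271f0158b3e698ad632ad52f1caeb35637f48e2686e87",
}

# Report field name -> hashlib algorithm name.
ALGORITHMS = {"MD5": "md5", "SHA1": "sha1", "SHA256": "sha256", "SHA512": "sha512"}


def digest_stream(chunks):
    """Compute all four digests in a single pass over an iterable of byte chunks."""
    hashers = {name: hashlib.new(alg) for name, alg in ALGORITHMS.items()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digests of an in-memory byte string."""
    return digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    """Stream the file in 1 MiB chunks so a multi-megabyte sample is not loaded whole."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def compare_with_report(digests, report):
    """Per-algorithm match flags; hex strings are case-normalized before comparing."""
    return {name: digests[name].lower() == report[name].lower() for name in ALGORITHMS}


def target_name_is_sha256(report):
    """Sandbox reports commonly name the target by its SHA256; confirm that here."""
    return report["Target"].lower() == report["SHA256"].lower()


if __name__ == "__main__":
    import sys

    result = compare_with_report(digest_file(sys.argv[1]), REPORT)
    print("target name is the SHA256:", target_name_is_sha256(REPORT))
    for name, ok in result.items():
        print(f"{name}: {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it as `python verify.py path/to/sample`; a non-zero exit means at least one digest differs and the file is not the 5.7MB sample this report analysed.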

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxy nodes that relay traffic on behalf of the operators' customers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the sandbox's configured DNS servers was detected. Legitimate resolution only ever goes to the configured resolvers, so port-53 traffic elsewhere points at a hard-coded resolver or at tunnelling over the DNS port.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart, and the HKCU equivalent) to enumerate installed software on the system, a common way to fingerprint the host and spot analysis tooling.
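The "Unexpected DNS network traffic destination" signature comes down to one rule: any flow on the DNS port whose destination is not a configured resolver is suspicious. The following Python script is an added example, not code from the Triage report or its sandbox. It applies that rule to a constructed flow summary (in the shape a sandbox or Zeek conn.log export gives) and groups the hits per destination; the resolver addresses are assumed values for an analysis VM, and the rogue destinations use the TEST-NET documentation ranges.

```python
"""Detection logic for the "Unexpected DNS network traffic destination" signature.

Added example, not code from the Triage report. CONFIGURED_DNS and FLOWS are
constructed: the resolvers are assumed values for an analysis VM, and the
external addresses are from the TEST-NET documentation ranges.
"""
from collections import defaultdict

# Assumed resolvers handed to the analysis VM (example values).
CONFIGURED_DNS = frozenset({"10.127.0.1", "8.8.8.8"})

DNS_PORT = 53

# Constructed flow summary: (proto, src, sport, dst, dport, bytes_sent)
FLOWS = [
    ("udp", "10.127.1.23", 52011, "8.8.8.8", 53, 74),          # ordinary lookup
    ("udp", "10.127.1.23", 52012, "10.127.0.1", 53, 66),       # ordinary lookup
    ("udp", "10.127.1.23", 52013, "203.0.113.17", 53, 120),    # constructed: rogue resolver
    ("tcp", "10.127.1.23", 52014, "203.0.113.17", 53, 2048),   # constructed: same host over TCP/53
    ("tcp", "10.127.1.23", 52015, "198.51.100.9", 443, 4096),  # not port 53, out of scope here
    ("udp", "10.127.1.23", 52016, "10.127.0.1", 53, 70),       # ordinary lookup
]


def unexpected_dns_destinations(flows, configured_dns=CONFIGURED_DNS, dns_port=DNS_PORT):
    """Group port-53 flows by destination, keeping only destinations that are
    not configured resolvers. UDP and TCP are both kept: a bot tunnelling over
    TCP/53 looks like an oversized DNS answer to a port-only filter."""
    hits = defaultdict(list)
    for flow in flows:
        proto, src, sport, dst, dport, nbytes = flow
        if dport != dns_port or dst in configured_dns:
            continue
        hits[dst].append(flow)
    return dict(hits)


def summarize(hits):
    """Per-destination summary for a triage note: protocols seen, flow count
    and bytes sent, so a single stray query can be told apart from bulk transfer."""
    return {
        dst: {
            "protocols": sorted({f[0] for f in flows}),
            "flows": len(flows),
            "bytes_sent": sum(f[5] for f in flows),
        }
        for dst, flows in hits.items()
    }


if __name__ == "__main__":
    for dst, info in summarize(unexpected_dns_destinations(FLOWS)).items():
        print(dst, info)
```

The rule is deliberately narrow: it does not see DNS over HTTPS or DNS over TLS, which leave on 443 and 853 and need a separate check, and a resolver set that is wrong for the sandbox (for example after a DHCP lease change) turns every lookup into a hit, so the configured set should be taken from the VM's actual network configuration at run time.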

MITRE ATT&CK Enterprise v15

Tasks