General

  • Target

    e8972d7543518e0ce17b4feba017369c4f12f0422bc290baeb028d2db6877ba2

  • Size

    6.1MB

  • Sample

    240529-vfahfsce43

  • MD5

    f71b05ac86bf442fb89c86e46fcbc024

  • SHA1

    c0a7df36bdd64b0a506a60c461b431e2a12c34eb

  • SHA256

    e8972d7543518e0ce17b4feba017369c4f12f0422bc290baeb028d2db6877ba2

  • SHA512

    02e20af35662f6e3e53811433a58f01d90a36c922d005009af68ebdf7b8d903710f31129611b1f4dd590c5c252188f933233050adf6a43e5f99bcc6663058ec9

  • SSDEEP

    196608:gnFZ1MqpAJO/TkcxGCG6Y0OJtZFl7vdLLba/+p+B:gryMYO/TXnYnZrFLHa2pm

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port was detected going to servers other than the configured DNS servers.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks