General

  • Target

    51f7853ddbd4e3fdd7ee824e3966ab8c437248607bbde8a7593bcc1441699546

  • Size

    6.1MB

  • Sample

    240529-wg49wsdb76

  • MD5

    667b4b6aefaf35612cbd6cda6ac83aef

  • SHA1

    c2573627141f6b46171811f70f403d941692760c

  • SHA256

    51f7853ddbd4e3fdd7ee824e3966ab8c437248607bbde8a7593bcc1441699546

  • SHA512

    8bdd1be946d45f93cd714db437670ae09f515db60538b9503aac6a77583c7c5497dc4cbc5d7d44b23a4545d8f7bc845596bae48f5665e2a26d4f8c392ee632f2

  • SSDEEP

    98304:mhTQ/fIUVnY9Q0GP7VDDX1zriflyqRfQFWjl3dm9fxf15+IicaRBaptat0Wck:O0VnY9QpPh1SUZFWw1+ZBaT3k

Malware Config

Targets

    • Target

      51f7853ddbd4e3fdd7ee824e3966ab8c437248607bbde8a7593bcc1441699546

    • Size

      6.1MB

    • MD5

      667b4b6aefaf35612cbd6cda6ac83aef

    • SHA1

      c2573627141f6b46171811f70f403d941692760c

    • SHA256

      51f7853ddbd4e3fdd7ee824e3966ab8c437248607bbde8a7593bcc1441699546

    • SHA512

      8bdd1be946d45f93cd714db437670ae09f515db60538b9503aac6a77583c7c5497dc4cbc5d7d44b23a4545d8f7bc845596bae48f5665e2a26d4f8c392ee632f2

    • SSDEEP

      98304:mhTQ/fIUVnY9Q0GP7VDDX1zriflyqRfQFWjl3dm9fxf15+IicaRBaptat0Wck:O0VnY9QpPh1SUZFWw1+ZBaT3k

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks