General

  • Target

    7e974c279a3a2497a9a6622f11930de807d10a4d1e53f102879960c1b72bf57c

  • Size

    6.0MB

  • Sample

    240529-xhvmhseg36

  • MD5

    8a8485863a72393d01aab1526706d98e

  • SHA1

    79c723e8052ae76644a28dbef1e3b3e07925257b

  • SHA256

    7e974c279a3a2497a9a6622f11930de807d10a4d1e53f102879960c1b72bf57c

  • SHA512

    7e1412b0b3346f3a884667b437905ecf018235967a3294b756045964f6e7fc84217bd6befc4aeea3be7b27e1db96a80ab0ebd823a130d6433578ed5552b22a8a

  • SSDEEP

    98304:mY/z0J182Lsnjp4Up+kfAVzoS5UNd/W05GkVygbL/iRxUqDmuUIL0AMGfL1MYS7m://w7MV4+jQoESnG0vikAOtg1BS6

Malware Config

Targets

    • Target

      7e974c279a3a2497a9a6622f11930de807d10a4d1e53f102879960c1b72bf57c

    • Size

      6.0MB

    • MD5

      8a8485863a72393d01aab1526706d98e

    • SHA1

      79c723e8052ae76644a28dbef1e3b3e07925257b

    • SHA256

      7e974c279a3a2497a9a6622f11930de807d10a4d1e53f102879960c1b72bf57c

    • SHA512

      7e1412b0b3346f3a884667b437905ecf018235967a3294b756045964f6e7fc84217bd6befc4aeea3be7b27e1db96a80ab0ebd823a130d6433578ed5552b22a8a

    • SSDEEP

      98304:mY/z0J182Lsnjp4Up+kfAVzoS5UNd/W05GkVygbL/iRxUqDmuUIL0AMGfL1MYS7m://w7MV4+jQoESnG0vikAOtg1BS6

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks