General

  • Target

    37e9d46a9421806cf662b3e168af16f982b781be3a8bad44b21590fbb39ca99d

  • Size

    5.9MB

  • Sample

    240529-xyzleaef6w

  • MD5

    3f21c87343ac2570c3e8039ad1bb2dea

  • SHA1

    47dfa60ab6e601a53195dd14c6b727148a0ef185

  • SHA256

    37e9d46a9421806cf662b3e168af16f982b781be3a8bad44b21590fbb39ca99d

  • SHA512

    a72b56ce19912bee26e6c5a10a799e819850309d65735eab98075c0766161435a4da08c44ff969d7d11bcbfb3f4c094f6a880f72f8cab8fadf97ab4a673e3436

  • SSDEEP

    98304:mt834logbLItG0Vaz3ad96LPhhwWQ06NaEM4qpJ2N+YgTUjAN/ZIqckI0ihWGXiO:rsI4BqghwxaftaN+PTUMN/ZRI02U7cLJ

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks