General

  • Target

    40fcbfc98e137901fd2aaf6ef8acd96c8c5e3cb91eebcfa64a927a6d78f8ac28

  • Size

    6.0MB

  • Sample

    240529-y39gvahd82

  • MD5

    d51bf7907c0524801ea06ff93f3adf2f

  • SHA1

    43ce065024351f6ebff5e476e11979decdc62d17

  • SHA256

    40fcbfc98e137901fd2aaf6ef8acd96c8c5e3cb91eebcfa64a927a6d78f8ac28

  • SHA512

    f1893c0b085b76bc9c6ea5b29042f39aa0f878d3efba5ee128d3f04fd683027db986b0080c8acd2335ec503697f59ec478c31ee782ec741a42e248bfe5233343

  • SSDEEP

    98304:mjbNPKmBrFIq1gFUCY68/tXeUlGhneBy8TcaxmX+wy1bht9OoKhQbLvUw6sDb:INPrVFItFUCetXeUQZ8TKydhfOmYO

Malware Config

Targets

    • Target

      40fcbfc98e137901fd2aaf6ef8acd96c8c5e3cb91eebcfa64a927a6d78f8ac28

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks