General

  • Target

    8846988e2cb98bed3839422a0da1db26ed7a502de3e5ae0a7c9c7a6905e2e405

  • Size

    5.9MB

  • Sample

    240529-z8qscsba79

  • MD5

    0d60837c8b9bbbc73970e024eeb28f0e

  • SHA1

    60c09cba0423198f3c4d0763e06bbfe1f9927330

  • SHA256

    8846988e2cb98bed3839422a0da1db26ed7a502de3e5ae0a7c9c7a6905e2e405

  • SHA512

    2dffd5ee8a505dc994dbd231ec47ea564c36a69208be32b47cbb621739fb9c850474ac5983100134248ac93fcc13a6cb173c099e3540a9a9fcf64b42d681e905

  • SSDEEP

    98304:mKTiXWeVmrdrpxsSiiy1jJBG5oN4/Z1xH734etcmBY5vUKFBB6wW:xlrrsSiTJru7x7hlrWWN

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
