General

  • Target

    6f65c16dd87e7ce92440e485f1dd593a3020e31f130f024457748c8787c6678b

  • Size

    5.6MB

  • Sample

    240530-22vh3sec33

  • MD5

    393acc3aa4755b510bd773b952c31b8c

  • SHA1

    3eec07a5ca298edcf492defeb966292eab9f9e9f

  • SHA256

    6f65c16dd87e7ce92440e485f1dd593a3020e31f130f024457748c8787c6678b

  • SHA512

    36222b01bf920077e7f8963dffda7cbb40241e69bf406a85e9b0a9840c603b56e5ee1358d10cc284822744671a50a10c13d1dbfcb7497094230838b4d6273730

  • SSDEEP

    98304:mY82nfVSWrJFTDGFWwZ+7SJ7gJcHqu2BTf121DMu3EkWiUkKcnjiQvTbhC9Y:u2UGRDM+7SJ70Bz2wujKcnuiFgY

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks