General

  • Target

    7525da42711f4c3d8bdddea4d1006536c64e861d887ba4b33f8c6bfa0f6508fa

  • Size

    4.7MB

  • Sample

    240530-23129add2t

  • MD5

    b5899008e5f7a6ca4ca59764e5e3d83f

  • SHA1

    2e865f27ca189e1decb014d3bb6a49051d47fc05

  • SHA256

    7525da42711f4c3d8bdddea4d1006536c64e861d887ba4b33f8c6bfa0f6508fa

  • SHA512

    99d4a5687d2f5c6f84f68c7f147e817fc6d58d67810dd5989c349393a7924759ea1bd40960eb1d33c0a150336fc4fa27c84f11352c95c803df58e59b0a09fd40

  • SSDEEP

    98304:m3ZbxloJ0KJuRZhope9aEegp5P9hUHNKBYQr3oD8pKys/C4:AFIbuz2g5Jppa98kys/C4

Malware Config

Targets

    • Target

      7525da42711f4c3d8bdddea4d1006536c64e861d887ba4b33f8c6bfa0f6508fa

    • Size

      4.7MB

    • MD5

      b5899008e5f7a6ca4ca59764e5e3d83f

    • SHA1

      2e865f27ca189e1decb014d3bb6a49051d47fc05

    • SHA256

      7525da42711f4c3d8bdddea4d1006536c64e861d887ba4b33f8c6bfa0f6508fa

    • SHA512

      99d4a5687d2f5c6f84f68c7f147e817fc6d58d67810dd5989c349393a7924759ea1bd40960eb1d33c0a150336fc4fa27c84f11352c95c803df58e59b0a09fd40

    • SSDEEP

      98304:m3ZbxloJ0KJuRZhope9aEegp5P9hUHNKBYQr3oD8pKys/C4:AFIbuz2g5Jppa98kys/C4

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks