General

  • Target

    7273e7645a60458c2801469ecfca1263bf690bc3ad35b45e5dad435bca39fe0f

  • Size

    6.2MB

  • Sample

    240530-23q72sdc8y

  • MD5

    779347d281a6d3603170652984edc193

  • SHA1

    3a8e5ce8829b2643066c1b997fcd759cead4d684

  • SHA256

    7273e7645a60458c2801469ecfca1263bf690bc3ad35b45e5dad435bca39fe0f

  • SHA512

    c28ceae064d440beea2a02fee96b153800603ea3587f7d6f5f53e7104ca84ed6cbf5e1cde20d846b32d100ae678d4e2d86c160ab86ee8be229b75380cc92f112

  • SSDEEP

    196608:tWn2tin1FJ97SdPgT4hcQ5dAhAb4Ld8ODzxDqR:snTb4PgkhgAELWODzxqR

Malware Config

Targets

    • Target

      7273e7645a60458c2801469ecfca1263bf690bc3ad35b45e5dad435bca39fe0f


    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxy nodes that the botnet operators control and route traffic through.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed to servers other than the DNS resolvers configured on the analysis host. Legitimate clients query the configured resolvers only, so the extra destinations are worth pivoting on as possible command-and-control or resolver-bypass infrastructure.

    • Checks installed software on the system

      Reads the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart and the HKCU equivalent) to enumerate installed software, a common way for malware to check for security products or analysis tools before running its payload.
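
The "unexpected DNS network traffic destination" signature above is a simple but useful hunt to reproduce over your own connection logs. The following is an added example written for this page, not the sandbox's own detection logic: it parses a constructed, whitespace-separated connection log (the format, the hosts and the resolver address 10.0.0.2 are all assumptions), flags every UDP or TCP flow to destination port 53 whose destination is not a configured resolver, and counts hits per destination so the unusual servers surface first. Replies from the resolver (source port 53) are deliberately left alone.

```python
import ipaddress
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One connection record: who talked to whom, over which protocol and ports."""
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    sport: int
    dport: int


def parse_flow_line(line: str) -> Flow:
    """Parse a 'src dst proto sport dport' line (constructed format for this example)."""
    src, dst, proto, sport, dport = line.split()
    return Flow(src, dst, proto.lower(), int(sport), int(dport))


# Constructed sample connection log; this is not traffic from the report.
SAMPLE_LOG = """\
10.0.0.5 10.0.0.2 udp 51234 53
10.0.0.5 8.8.8.8 udp 51235 53
10.0.0.5 8.8.8.8 udp 51240 53
10.0.0.5 203.0.113.10 tcp 51236 53
10.0.0.2 10.0.0.5 udp 53 51234
10.0.0.5 198.51.100.7 tcp 51237 443
"""

# Resolvers the monitored host is configured to use (assumed for this example).
CONFIGURED_RESOLVERS = {"10.0.0.2"}


def unexpected_dns_destinations(flows, resolvers, dns_port=53):
    """Return flows carrying DNS (UDP or TCP, destination port 53) to a server
    that is not one of the configured resolvers.

    Only the query direction (destination port == dns_port) is considered, so a
    resolver's replies, which have source port 53, are never flagged.
    """
    allowed = {ipaddress.ip_address(r) for r in resolvers}
    hits = []
    for f in flows:
        if f.proto not in ("udp", "tcp") or f.dport != dns_port:
            continue
        if ipaddress.ip_address(f.dst) in allowed:
            continue
        hits.append(f)
    return hits


def summarize_by_destination(hits):
    """Count flagged flows per destination, the first pivot an analyst wants."""
    return Counter(f.dst for f in hits)


def run(log_text=SAMPLE_LOG, resolvers=CONFIGURED_RESOLVERS):
    """Parse the log, apply the check and return (flagged flows, per-destination counts)."""
    flows = [parse_flow_line(line) for line in log_text.splitlines() if line.strip()]
    hits = unexpected_dns_destinations(flows, resolvers)
    return hits, summarize_by_destination(hits)


if __name__ == "__main__":
    hits, summary = run()
    for dst, n in summary.most_common():
        print(f"unexpected DNS destination {dst}: {n} flow(s)")
```

On the sample log this flags the two UDP queries to 8.8.8.8 and the TCP/53 flow to 203.0.113.10, and ignores both the resolver's reply and the HTTPS connection. To run it against real data, feed `run()` text in the same five-column layout exported from your flow or Zeek `conn.log` records and replace `CONFIGURED_RESOLVERS` with the resolvers your hosts are actually given by DHCP or policy.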

MITRE ATT&CK Enterprise v15

Tasks