General

  • Target

    7d77a37d5201054470ebc803edc64fd81cf97e00f76eb1a2a3f6b95f11c7bc18

  • Size

    4.9MB

  • Sample

    240530-2414msdd51

  • MD5

    b3345348fa5be73d0855e6830dffe5db

  • SHA1

    896f1b8fe82f5b20b980133c05e158eee8a97a7b

  • SHA256

    7d77a37d5201054470ebc803edc64fd81cf97e00f76eb1a2a3f6b95f11c7bc18

  • SHA512

    562093480fbef3884966d8205b96343c806a674a00ac7614f62ee718b7d51ea304d9cc78c89e186aabd6d299e33db1a267d78596d46fbeed13c0d01b5945cf16

  • SSDEEP

    98304:m3AmYYC77fhgDi/hNd1b1yGPhoW3pZTWxCWgae6zdBBYTwA:sYh775td1b1rvTMXFe6zdk9

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks