General

  • Target

    783c1d97dde6a73f76e0ef316048685e822c78a455b80e9041a2cb55005ca716

  • Size

    5.6MB

  • Sample

    240530-24cfaaec84

  • MD5

    c21c10b06ba0f47db962f7458bd8e464

  • SHA1

    a7658a05fcd8bfbb421086c12fc3bc55a34ff138

  • SHA256

    783c1d97dde6a73f76e0ef316048685e822c78a455b80e9041a2cb55005ca716

  • SHA512

    1a393079afcd4cb87e527c6beb8952fa13191dceda8f1c1a0376c3d7572f071a228184dafb262d7c7021d6953adcee86cc83f4ce82a2c0ba0d45484067d3e545

  • SSDEEP

    98304:mJ+QyhtXOgysCvAisZ0argtaj2ThmtjJ4tiL/oK+rDqwZSDTiE3SdyK+J4bNy3:o+9VO9BvbFaEstCti772NmB3CP+JN3

Malware Config

Targets

    • Target

      783c1d97dde6a73f76e0ef316048685e822c78a455b80e9041a2cb55005ca716

    • Size

      5.6MB

    • MD5

      c21c10b06ba0f47db962f7458bd8e464

    • SHA1

      a7658a05fcd8bfbb421086c12fc3bc55a34ff138

    • SHA256

      783c1d97dde6a73f76e0ef316048685e822c78a455b80e9041a2cb55005ca716

    • SHA512

      1a393079afcd4cb87e527c6beb8952fa13191dceda8f1c1a0376c3d7572f071a228184dafb262d7c7021d6953adcee86cc83f4ce82a2c0ba0d45484067d3e545

    • SSDEEP

      98304:mJ+QyhtXOgysCvAisZ0argtaj2ThmtjJ4tiL/oK+rDqwZSDTiE3SdyK+J4bNy3:o+9VO9BvbFaEstCti772NmB3CP+JN3

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks