General

  • Target: 7b40e1703dd97dc879cd6646029d52a8d887175f16f9b8c8e0ace965598c0a8e
  • Size: 5.4MB
  • Sample: 240530-24rj7sed26
  • MD5: dc3cf6bf97466c669572e44ac10fff14
  • SHA1: 76a0146d6eafa0339081624bfdd5a3f750374df1
  • SHA256: 7b40e1703dd97dc879cd6646029d52a8d887175f16f9b8c8e0ace965598c0a8e
  • SHA512: 228160788ff5ecd4e424aa484e5699101fe2177b89db839d95378bb64969dfe2ac8e3af7694a8bafbfe37c6be22f009db0ac0efc3bfae1b672ed5165c0e1e37c
  • SSDEEP: 98304:mc6Q3a5Nd1zhlWNGpA1iVBt6VjkwgzjhODPeCawxEx1W6iA6RaYRjBpwzD6PNiY:Z3qNd1CU5ujIQDPeCaoECglYOD6J

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks