General

  • Target

    8f413266e2d8a47033cfcc1a7decb7abcb0ab27ff259881365336172c376b598

  • Size

    5.0MB

  • Sample

    240530-2733eade9y

  • MD5

    81ec0374666924a727b2195fef2f395d

  • SHA1

    a8daa020764463bd37081aafe6d1a158bf07499b

  • SHA256

    8f413266e2d8a47033cfcc1a7decb7abcb0ab27ff259881365336172c376b598

  • SHA512

    b4cc06d460ccdf9216389f806d812bbfff3ff1ff3a43f7b11a44df0f396314d0575f5c05a3f7013418c44de9e00a275be0cd256aa6ec20c6df8a123961907805

  • SSDEEP

    98304:m4yR1cRVXcCPfTSTwRhvRN1IkUwRbBOsBYfHVCETjPWU9yGqpyWW7ZuKCbr:FE1sffTkwz1FUwRtBYfpTj+U90EWe8br

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks