General

  • Target

    9a95fbf9d004984b18f5a137522d948a39c4c32602f5bead140a713a3bd5c243

  • Size

    4.7MB

  • Sample

    240530-298qnsdg3x

  • MD5

    40c594a8fe23b8aac96f488625154b29

  • SHA1

    fa8e209ab07a78f0a3c3c1441781fb41b8b22ad7

  • SHA256

    9a95fbf9d004984b18f5a137522d948a39c4c32602f5bead140a713a3bd5c243

  • SHA512

    3febd83ff320997412a960692b39f205dcd7c73c8ec45f8c48c414bb33a6b050ff7c076c6879f76fae4edd1d98389a96c2756454e9ac162bb526022fd109632f

  • SSDEEP

    98304:mdn02sHIRxCqDMkCm2UGBN9SPF5aS8eVrRVJb4G/kf:60VHq2HBN9i86zqG/kf

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks