General

  • Target

    9863189f38628e645946b6d3468b285087a61a32c81d64d7aac430d17555279e

  • Size

    6.0MB

  • Sample

    240530-29t8aaef74

  • MD5

    8f3124bb377db527e8b9358de79ab1ed

  • SHA1

    6acbc1565036c00e6346459f7b811051a279065f

  • SHA256

    9863189f38628e645946b6d3468b285087a61a32c81d64d7aac430d17555279e

  • SHA512

    3a33a06262b04594dafc3a0ae59752a2f9ca83fa345a2b7f4e487462be5ab0f2f7f769720079c403c78a691345af8f3e5ac6c7da02566ca07dd351c3ad0e0ed0

  • SSDEEP

    98304:mMvMmeFzkU9JxBAvkZZr9Wkyj+9oZ7j8Q0fUHwQQVJRmAlaDDfrtplMoqh6s3eiJ:5vhKzhJDuOr9bGlwQQHRmOa/rP9+6bEL
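Before pulling a copy of this sample into an analysis environment, confirm that the file on hand is the one the report describes by recomputing its digests and comparing them to the indicators above. The following is an added example, not code from the report or the sandbox vendor; it hashes a file in chunks (the sample is 6.0MB, but the same loop handles much larger files) and checks every reported algorithm. SSDEEP is not computed because it is not in the Python standard library; the reported fuzzy hash is listed only for reference.

```python
import hashlib
import io
from typing import BinaryIO, Dict, Iterable

# Indicators copied from the report above.
REPORTED = {
    "md5": "8f3124bb377db527e8b9358de79ab1ed",
    "sha1": "6acbc1565036c00e6346459f7b811051a279065f",
    "sha256": "9863189f38628e645946b6d3468b285087a61a32c81d64d7aac430d17555279e",
    "sha512": (
        "3a33a06262b04594dafc3a0ae59752a2f9ca83fa345a2b7f4e487462be5ab0f2"
        "f7f769720079c403c78a691345af8f3e5ac6c7da02566ca07dd351c3ad0e0ed0"
    ),
}
# Reported as "98304:mMvMme...": an ssdeep fuzzy hash, not recomputed here.
REPORTED_SSDEEP = (
    "98304:mMvMmeFzkU9JxBAvkZZr9Wkyj+9oZ7j8Q0fUHwQQVJRmAlaDDfrtplMoqh6s3eiJ:"
    "5vhKzhJDuOr9bGlwQQHRmOa/rP9+6bEL"
)

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream: BinaryIO, algorithms: Iterable[str] = ALGORITHMS,
                  chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a binary stream once with every requested algorithm.

    The stream is read in chunks so a multi-megabyte sample is never held
    in memory as a single bytes object.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-test)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return digest_stream(f)


def compare_to_report(observed: Dict[str, str],
                      reported: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match table; hex case differences are ignored."""
    return {
        name: observed.get(name, "").lower() == value.lower()
        for name, value in reported.items()
    }


def matches_report(observed: Dict[str, str], reported: Dict[str, str]) -> bool:
    """True only if every reported digest agrees with the observed file.

    A file that matches some algorithms but not others has either been
    modified or the indicator was transcribed wrongly; either way it is
    not the sample the report describes.
    """
    return all(compare_to_report(observed, reported).values())


if __name__ == "__main__":
    import sys
    path = sys.argv[1]  # path to the downloaded sample (hypothetical)
    digests = digest_file(path)
    for name, ok in compare_to_report(digests, REPORTED).items():
        print(f"{name:6} {'MATCH' if ok else 'MISMATCH'} {digests[name]}")
    sys.exit(0 if matches_report(digests, REPORTED) else 1)
```

Run it as `python verify_sample.py <path-to-sample>`; a non-zero exit means at least one digest differs and the file should not be treated as the analysed sample.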

Malware Config

Targets

    • Target

      9863189f38628e645946b6d3468b285087a61a32c81d64d7aac430d17555279e

    • Size

      6.0MB

    • MD5

      8f3124bb377db527e8b9358de79ab1ed

    • SHA1

      6acbc1565036c00e6346459f7b811051a279065f

    • SHA256

      9863189f38628e645946b6d3468b285087a61a32c81d64d7aac430d17555279e

    • SHA512

      3a33a06262b04594dafc3a0ae59752a2f9ca83fa345a2b7f4e487462be5ab0f2f7f769720079c403c78a691345af8f3e5ac6c7da02566ca07dd351c3ad0e0ed0

    • SSDEEP

      98304:mMvMmeFzkU9JxBAvkZZr9Wkyj+9oZ7j8Q0fUHwQQVJRmAlaDDfrtplMoqh6s3eiJ:5vhKzhJDuOr9bGlwQQHRmOa/rP9+6bEL

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxies that the operators relay traffic through.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS servers was detected. Resolving through a hard-coded resolver instead of the system one bypasses logging and filtering at the configured resolver.

    • Checks installed software on the system

      Reads the entries under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the Wow6432Node and HKCU equivalents) to enumerate installed software; this is commonly used to fingerprint the host and to spot analysis tools or security products.
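The "Unexpected DNS network traffic destination" signature is a simple flow-level check that is easy to reproduce against a sandbox PCAP or a Zeek/firewall log. The following is an added example, not the sandbox's own detection code: it parses constructed flow records (the format, the 10.127.0.0/24 sandbox network and the configured resolver 10.127.0.1 are assumptions for the example), flags port-53 flows whose destination is not a configured resolver, and summarises hits per destination so a hard-coded resolver or a DNS-based C2 host stands out.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List

# Constructed flow records for the example (not from the report):
# "<timestamp> <proto> <src>:<sport> -> <dst>:<dport>"
SAMPLE_FLOWS = """\
2024-05-30T12:00:01Z udp 10.127.0.5:51234 -> 10.127.0.1:53
2024-05-30T12:00:02Z udp 10.127.0.5:51235 -> 8.8.8.8:53
2024-05-30T12:00:03Z tcp 10.127.0.5:51236 -> 203.0.113.7:53
2024-05-30T12:00:04Z tcp 10.127.0.5:51237 -> 203.0.113.7:443
2024-05-30T12:00:05Z udp 10.127.0.5:51238 -> 10.127.0.1:53
2024-05-30T12:00:06Z udp 10.127.0.5:51239 -> 203.0.113.7:53
"""

# Resolver the sandbox VM is configured to use (assumed for this example).
CONFIGURED_RESOLVERS = {"10.127.0.1"}

FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<proto>udp|tcp)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Flow:
    ts: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_flows(text: str) -> List[Flow]:
    """Parse the constructed record format above into Flow objects."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = FLOW_RE.match(line)
        if not m:
            raise ValueError(f"unparseable flow record: {line!r}")
        flows.append(Flow(m["ts"], m["proto"], m["src"], int(m["sport"]),
                          m["dst"], int(m["dport"])))
    return flows


def unexpected_dns_destinations(flows: Iterable[Flow], resolvers: Iterable[str],
                                dns_port: int = 53) -> List[Flow]:
    """Flows to the DNS port whose destination is not a configured resolver.

    Both UDP and TCP are considered, since DNS over TCP is legitimate and
    is also used by some malware for larger responses.  Encrypted DNS
    (DoH on 443, DoT on 853) is out of scope for this port-based check.
    """
    allowed = {str(ip_address(r)) for r in resolvers}
    return [f for f in flows
            if f.dport == dns_port and str(ip_address(f.dst)) not in allowed]


def summarize_by_destination(hits: Iterable[Flow]) -> Dict[str, int]:
    """Count unexpected DNS flows per destination address."""
    return dict(Counter(f.dst for f in hits))


if __name__ == "__main__":
    hits = unexpected_dns_destinations(parse_flows(SAMPLE_FLOWS), CONFIGURED_RESOLVERS)
    for dst, n in sorted(summarize_by_destination(hits).items(), key=lambda kv: -kv[1]):
        print(f"{dst:15} {n} unexpected DNS flow(s)")
```

A hit to a well-known public resolver such as 8.8.8.8 can be ordinary application behaviour, so triage the destinations rather than the raw count: repeated port-53 traffic to an address that is not a known resolver is the case worth pulling the PCAP for.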

MITRE ATT&CK Enterprise v15

Tasks