General

  • Target

    a1db91b0c1749584e8301d3e05e2f7a2b6ed17923c127eb2943247db2f9d5bd7

  • Size

    5.4MB

  • Sample

    240530-3a44wadg6v

  • MD5

    f752a4359752ff6287f74293e32fb8a7

  • SHA1

    b56b6ca7799f239cf937a6c7f8e667d8f33d6dc1

  • SHA256

    a1db91b0c1749584e8301d3e05e2f7a2b6ed17923c127eb2943247db2f9d5bd7

  • SHA512

    cbb71ef2dfaec5b13c5761948d61e7eeeffc2b7440dd4296c68cf3b1c47984a23696678ce10cb75f9f0252c575c450e4cdeeb4bf109b2192be50802bf6f9a631

  • SSDEEP

    98304:m/pV/BrqdefnrK83x0KuUjn3AesyquQfMJwVk9TTnLkM29ixvEuCA1:gpFBr5frK8Tjn3Hsyq30KVkBbQMWixcq

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
