General

  • Target

    9e450f98091652903661cf677316ce8445c01f15ac074b1559c4b3549a38f67e

  • Size

    4.7MB

  • Sample

    240530-3aqw9adg4z

  • MD5

    e8d2a5eb46df8d9a6e808310c8cf36cd

  • SHA1

    673d5c34521b4d7f762ffb5af245d7fff54c6066

  • SHA256

    9e450f98091652903661cf677316ce8445c01f15ac074b1559c4b3549a38f67e

  • SHA512

    46c94e08aec25adeec6d74d2425b0ad47410827938abd0b4dbd1ce83d9ad49822164576ff56fdc6e0073febc9bd0d373088f8af82437cdefbec53c2c1a185aee

  • SSDEEP

    98304:mfZlDpWJhvoYtxQA6uRYacDQzZjc2r+BU7D6ohTjZZ66pC:8DMXQY/6uaTUFjcVs6ohBcuC

Malware Config

Targets

    • Target

      9e450f98091652903661cf677316ce8445c01f15ac074b1559c4b3549a38f67e

    • Size

      4.7MB

    • MD5

      e8d2a5eb46df8d9a6e808310c8cf36cd

    • SHA1

      673d5c34521b4d7f762ffb5af245d7fff54c6066

    • SHA256

      9e450f98091652903661cf677316ce8445c01f15ac074b1559c4b3549a38f67e

    • SHA512

      46c94e08aec25adeec6d74d2425b0ad47410827938abd0b4dbd1ce83d9ad49822164576ff56fdc6e0073febc9bd0d373088f8af82437cdefbec53c2c1a185aee

    • SSDEEP

      98304:mfZlDpWJhvoYtxQA6uRYacDQzZjc2r+BU7D6ohTjZZ66pC:8DMXQY/6uaTUFjcVs6ohBcuC

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks