General

  • Target

    a8e6a9d1c90bc3dcda4365a23bf7d85c4c3c15f0803274d18705bcf28313dd71

  • Size

    5.7MB

  • Sample

    240530-3btpjaeg65

  • MD5

    8f666e8138d61f279c843c5dd31abef0

  • SHA1

    c22afd863e48d3e1832846e738f3f48254292927

  • SHA256

    a8e6a9d1c90bc3dcda4365a23bf7d85c4c3c15f0803274d18705bcf28313dd71

  • SHA512

    6a4610793d57d5182e8c82c8228d2bd350fd073646177121d3434f93386781fb55caa9f7ec606935a555960ffe9ea7093cbeed88bc523bef41eaed8b51c8d293

  • SSDEEP

    98304:macOg7Lmqg3mwwHsMVYA7DJXNCDTzEWVnN+94zE4Y3ZFe8btyoNHtbBS9DAW+:nZAxZzxVYA77wTzEAnERbeY8oNNc8W+

Malware Config

Targets

    • Target

      a8e6a9d1c90bc3dcda4365a23bf7d85c4c3c15f0803274d18705bcf28313dd71

    • Size

      5.7MB

    • MD5

      8f666e8138d61f279c843c5dd31abef0

    • SHA1

      c22afd863e48d3e1832846e738f3f48254292927

    • SHA256

      a8e6a9d1c90bc3dcda4365a23bf7d85c4c3c15f0803274d18705bcf28313dd71

    • SHA512

      6a4610793d57d5182e8c82c8228d2bd350fd073646177121d3434f93386781fb55caa9f7ec606935a555960ffe9ea7093cbeed88bc523bef41eaed8b51c8d293

    • SSDEEP

      98304:macOg7Lmqg3mwwHsMVYA7DJXNCDTzEWVnN+94zE4Y3ZFe8btyoNHtbBS9DAW+:nZAxZzxVYA77wTzEAnERbeY8oNNc8W+

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxy nodes that relay traffic on behalf of the operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed to servers other than the host's configured DNS servers, i.e. the sample resolves names through, or talks to, a resolver of its own choosing rather than the one the sandbox provides.

    • Checks installed software on the system

      Reads entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate installed software, a common host-fingerprinting step that also reveals installed analysis tooling.
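
The two behavioural signatures above (unexpected DNS destination, Uninstall-key enumeration) can be reproduced outside the sandbox from a Zeek conn.log and a Procmon CSV export. The script below is an added example, not code from the report or from the Socks5Systemz sample; the log lines it contains are constructed for illustration and do not come from this sample, and the configured resolver address 10.0.0.2, the process names and the GUID-like subkey names are assumptions.

```python
import csv
import io
import ipaddress

# --- Constructed inputs (invented for illustration, not data from this sample) ---

# Zeek-style conn.log records: ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto
CONN_LOG = """\
1717038600.101\tCa1\t10.0.0.15\t51234\t10.0.0.2\t53\tudp
1717038600.233\tCa2\t10.0.0.15\t51235\t10.0.0.2\t53\tudp
1717038601.010\tCa3\t10.0.0.15\t51236\t198.51.100.23\t53\tudp
1717038601.420\tCa4\t10.0.0.15\t49876\t203.0.113.77\t443\ttcp
1717038602.005\tCa5\t10.0.0.15\t51237\t198.51.100.23\t53\ttcp
1717038602.770\tCa6\t10.0.0.15\t51238\t192.0.2.9\t53\tudp
"""
CONFIGURED_DNS = {"10.0.0.2"}  # assumed: the sandbox's resolver handed out via DHCP

# Procmon CSV export rows (Procmon's own column layout; rows are constructed)
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:01:03.1234567","dropped.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"12:01:03.1235001","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA-1}\DisplayName","SUCCESS","Type: REG_SZ"
"12:01:03.1235002","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BBBB-2}\DisplayName","SUCCESS","Type: REG_SZ"
"12:01:03.1235003","dropped.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CCCC-3}\DisplayVersion","SUCCESS","Type: REG_SZ"
"12:01:04.0000000","explorer.exe","1234","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA-1}\DisplayIcon","SUCCESS","Type: REG_SZ"
"12:01:04.0000001","svchost.exe","900","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run","SUCCESS","Desired Access: Read"
'''


def unexpected_dns_destinations(conn_log, configured_dns, dns_port=53):
    """Map each port-53 destination that is not a configured resolver to the flow uids that hit it."""
    allowed = {ipaddress.ip_address(a) for a in configured_dns}
    hits = {}
    for line in conn_log.splitlines():
        if not line or line.startswith("#"):
            continue  # Zeek header/comment lines
        f = line.split("\t")
        if len(f) < 7:
            continue  # truncated record: skip it rather than abort the whole run
        uid, resp_h, resp_p, proto = f[1], f[4], int(f[5]), f[6]
        if resp_p != dns_port or proto not in ("udp", "tcp"):
            continue  # only DNS-port traffic is in scope for this signature
        if ipaddress.ip_address(resp_h) in allowed:
            continue  # the host's legitimate resolver
        hits.setdefault(resp_h, []).append(uid)
    return hits


UNINSTALL = "\\currentversion\\uninstall\\"  # matches both the native and WOW6432Node keys
REG_READ_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryKey", "RegQueryValue"}


def uninstall_subkey(path):
    """Return the (lower-cased) Uninstall subkey a registry path touches, or None.

    Opening the Uninstall key itself (no subkey) returns None: the signature is about
    reading the per-product entries, not about touching the parent key.
    """
    i = path.lower().find(UNINSTALL)
    if i < 0:
        return None
    sub = path[i + len(UNINSTALL):].split("\\", 1)[0]
    return sub.lower() or None


def software_enumerators(procmon_csv, min_subkeys=3):
    """Processes that read at least min_subkeys distinct Uninstall entries, keyed by (name, pid)."""
    seen = {}
    for row in csv.DictReader(io.StringIO(procmon_csv)):
        if row["Operation"] not in REG_READ_OPS:
            continue
        sub = uninstall_subkey(row["Path"])
        if sub is None:
            continue
        seen.setdefault((row["Process Name"], int(row["PID"])), set()).add(sub)
    # A single lookup (explorer.exe resolving one icon) is normal; a sweep over many entries is not.
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_subkeys}


if __name__ == "__main__":
    print("Unexpected DNS destinations:", unexpected_dns_destinations(CONN_LOG, CONFIGURED_DNS))
    print("Software enumerators:", software_enumerators(PROCMON_CSV))
```

On the constructed data the DNS check reports 198.51.100.23 (udp and tcp) and 192.0.2.9 while ignoring the HTTPS flow and the flows to the configured resolver, and the registry check flags only dropped.exe, which read three distinct Uninstall entries across both the native and WOW6432Node hives. The `min_subkeys` threshold is the tuning knob: legitimate shells and installers touch one or two entries, a fingerprinting routine walks all of them.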

MITRE ATT&CK Enterprise v15