General

  • Target

    b0e745a97bce6d27c5cbea7ad0d1919f3c08ad37f73281a4666ef3c0d36ac192

  • Size

    5.7MB

  • Sample

    240530-3cwkhseh27

  • MD5

    48c7b8e1886b0875292e4cfb341ad217

  • SHA1

    222643a33da793cff45da3091fd076c5fa33efce

  • SHA256

    b0e745a97bce6d27c5cbea7ad0d1919f3c08ad37f73281a4666ef3c0d36ac192

  • SHA512

    bc594b177d85ca5836af094e7d2f4477788e4c143130bcd2dba55a5eb0c83edd72a089b29dbfb54b2991bd7b92604f7f701ef5a7e8cd94bd250dd5fe3432c635

  • SSDEEP

    98304:mcQpQ9DT+JCCmzs+HE6yyurVaRF/J0DFiYuCrHcMH8kqqOWhkgPTuE3:QQdaUCmzHXImR1YuCzgtWi0TL3

Malware Config

Targets

    • Target

      b0e745a97bce6d27c5cbea7ad0d1919f3c08ad37f73281a4666ef3c0d36ac192

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks