General

  • Target

    b96ceb562224002f161d44be58ed85a46f241cb7220e28826a9cd3bddae5c937

  • Size

    4.7MB

  • Sample

    240530-3dz94adh9x

  • MD5

    bd776ba0bf09270b61ba34d29e566a1a

  • SHA1

    3ec6f6fadd1fc1cb02ce3bb707d210195d8394cd

  • SHA256

    b96ceb562224002f161d44be58ed85a46f241cb7220e28826a9cd3bddae5c937

  • SHA512

    8e47d5c4646ab82f85d706aaacf554b7fe263526e98523685607ebc5679bfa129367ea0b46264c51865607ed8359a6ad43ec9e05680c1e5957ff45b7c78ee569

  • SSDEEP

    98304:mPfwxUU20i2rdreAPMVjGM5hnmddpmSHf7auuUNo8xfcZ/BdtsJ:W0RxreaMcM5hng4SHf7au5o4fA/BPsJ

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks