General

  • Target

    c83ef9d69f90cc166514e6914b2ee9a7a900fa941d801f152f26cb214e45bce7

  • Size

    4.6MB

  • Sample

    240530-3f2kyaeb4w

  • MD5

    5e0b0000bd8231e4fa0325b5de57a058

  • SHA1

    a77831254b838917e080ec8dfe4dff0dea59467a

  • SHA256

    c83ef9d69f90cc166514e6914b2ee9a7a900fa941d801f152f26cb214e45bce7

  • SHA512

    780001bad5f52a9fe0f6d396e9e879fe8ff325c190a2b6861aeb760a649c8f56e45ba5ed86eca5b6d8aad1b9e7e652e1d7b0a3c6f621fc9627e232b04308b952

  • SSDEEP

    98304:m17qvYLxQ5Qaadrisrfuj6opDKbiP4NIF8cq5f+yt7Cayrc4:sE0FrfoJpK1cqNn7Cah4

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: an infected host is turned into a SOCKS5 proxy node that the operators resell, so the infection itself is the product rather than a stepping stone to data theft.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to hosts other than the resolvers configured on the analysis machine. Malware does this when it carries hard-coded resolvers to sidestep local DNS logging and filtering, or when port 53 is used to carry non-DNS command-and-control traffic; the destination addresses should be compared against the sample's other network connections.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node and HKCU counterparts) to list installed software, the same data that Add/Remove Programs reads. This is commonly used to fingerprint the victim, spot security products or analysis tools, and avoid reinstalling a bundled payload.
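The DNS-destination behaviour flagged above can be reproduced outside the sandbox from ordinary network-connection telemetry. The following is an added example, not part of this report or of any sandbox vendor's code: it applies the "unexpected DNS network traffic destination" check to a few constructed Sysmon-style Event ID 3 records. The configured resolver list, the process paths and the destination addresses are assumptions invented for the demonstration (203.0.113.0/24 is an IETF documentation range, not a real C2).

```python
"""Apply the "unexpected DNS network traffic destination" check offline.

Added example, not part of the sandbox report: it scans constructed Sysmon-style
Event ID 3 (network connection) records and reports every connection to port 53
whose destination is not one of the resolvers the analysis host is configured to
use. CONFIGURED_RESOLVERS, the process paths and the destination addresses are
assumptions invented for the demonstration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List

# Resolvers handed to the sandbox VM by DHCP (assumption).
CONFIGURED_RESOLVERS = {"10.0.0.2", "10.0.0.3"}

# Well-known public resolvers; contacting them directly still bypasses the
# configured ones, but it is a weaker signal than an unknown host on port 53.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# Constructed log, one space-separated key=value record per line (the image
# paths contain no spaces, so a plain split is enough for this sample).
SAMPLE_LOG = r"""
EventID=3 Image=C:\Windows\System32\svchost.exe Protocol=udp DestinationIp=10.0.0.2 DestinationPort=53
EventID=3 Image=C:\Users\Public\dropped.exe Protocol=udp DestinationIp=203.0.113.7 DestinationPort=53
EventID=3 Image=C:\Users\Public\dropped.exe Protocol=tcp DestinationIp=203.0.113.7 DestinationPort=443
EventID=3 Image=C:\Users\Public\dropped.exe Protocol=udp DestinationIp=8.8.8.8 DestinationPort=53
EventID=3 Image=C:\Users\Public\dropped.exe Protocol=tcp DestinationIp=192.168.1.20 DestinationPort=53
EventID=1 Image=C:\Users\Public\dropped.exe CommandLine=dropped.exe
"""


@dataclass(frozen=True)
class Finding:
    image: str
    destination: str
    protocol: str
    reason: str


def parse_record(line: str) -> Dict[str, str]:
    """Turn 'k=v k=v ...' into a dict; values keep everything after the first '='."""
    return dict(token.split("=", 1) for token in line.split())


def unexpected_dns_destinations(log_text: str,
                                resolvers=CONFIGURED_RESOLVERS) -> List[Finding]:
    """Return one Finding per port-53 connection that bypasses the configured resolvers."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_record(line)
        # Only network-connection events to port 53 are of interest here.
        if rec.get("EventID") != "3" or rec.get("DestinationPort") != "53":
            continue
        dst = rec["DestinationIp"]
        ipaddress.ip_address(dst)  # reject malformed addresses early
        if dst in resolvers:
            continue
        if dst in KNOWN_PUBLIC_RESOLVERS:
            reason = "public resolver instead of the configured one"
        elif rec["Protocol"] == "tcp":
            reason = "unknown host on TCP/53 (possible DNS tunnelling or non-DNS C2)"
        else:
            reason = "unknown host on UDP/53"
        findings.append(Finding(rec["Image"], dst, rec["Protocol"], reason))
    return findings


def suspect_images(findings: List[Finding]) -> List[str]:
    """Distinct processes behind the hits, for pivoting into the process tree."""
    return sorted({f.image for f in findings})


if __name__ == "__main__":
    hits = unexpected_dns_destinations(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.image} -> {hit.destination}/{hit.protocol}: {hit.reason}")
    print("suspect processes:", suspect_images(hits))
```

Run against the constructed log, the svchost.exe query to the configured resolver is ignored, the HTTPS connection is ignored because it is not on port 53, and the three remaining port-53 connections from the dropped executable are reported with separate reasons, which is the triage a practitioner would do before deciding whether the unknown host is a C2 address worth blocking.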
