General

  • Target

    c9d0ac793d4136a84e5973a918776613909e19ca748efb3a9c73b54afa183cc0

  • Size

    5.1MB

  • Sample

    240530-3gbqxaeb51

  • MD5

    ec15cf78fe731a5f69f801bd6878e2f5

  • SHA1

    e55e7ffcd12f1138c7bb0d60d8671c437739ff28

  • SHA256

    c9d0ac793d4136a84e5973a918776613909e19ca748efb3a9c73b54afa183cc0

  • SHA512

    5cbccbd6574eef73d0874e8107b8c1857b5212e074998b9f64f11f397c49c7bbba8941faba3d53b972fd948031909621f85e90bd0105aa8f95c1a29a8838976f

  • SSDEEP

    98304:miTMWXYjsWqxIlHZ3OQXaKgk8jkZSOmwjLi9Dw8bSYYTt/z3a1xsppQdqRz425wn:BGIWiIdZ3jAkZSOm2ifhk/zK1upp+abe

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks