General

  • Target

    ccc148939e8ea297e741262d84e20ce64643736e9f294765cc0b8ca5eb9220c8

  • Size

    5.6MB

  • Sample

    240530-3gn18sfb25

  • MD5

    67c7a76b54e59f1ede8452b81e211b95

  • SHA1

    28404b83e16833a4953254fc3411ab281730f3c5

  • SHA256

    ccc148939e8ea297e741262d84e20ce64643736e9f294765cc0b8ca5eb9220c8

  • SHA512

    8bf5e4a4ae4af6d08c6d5eb7f4619d556020ea166e35740cef2584b5862f37bd047a5df91bf7ab899048e2b5a58c0f1f2dc5e11b990bf45f4ae6a22ad14c02c3

  • SSDEEP

    98304:m/XhC5l6JHABAZkNCik1+6c0T2HdZVeh3/Jz5PUquK40WB1kv3yG8F/5Wd5peT0F:WeAqNePY9oJuKD41GiN/ua0MY3

Malware Config

Targets

    • Target

      ccc148939e8ea297e741262d84e20ce64643736e9f294765cc0b8ca5eb9220c8

    • Size

      5.6MB

    • MD5

      67c7a76b54e59f1ede8452b81e211b95

    • SHA1

      28404b83e16833a4953254fc3411ab281730f3c5

    • SHA256

      ccc148939e8ea297e741262d84e20ce64643736e9f294765cc0b8ca5eb9220c8

    • SHA512

      8bf5e4a4ae4af6d08c6d5eb7f4619d556020ea166e35740cef2584b5862f37bd047a5df91bf7ab899048e2b5a58c0f1f2dc5e11b990bf45f4ae6a22ad14c02c3

    • SSDEEP

      98304:m/XhC5l6JHABAZkNCik1+6c0T2HdZVeh3/Jz5PUquK40WB1kv3yG8F/5Wd5peT0F:WeAqNePY9oJuKD41GiN/ua0MY3

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks