General

  • Target

    d1977f92e1913401680353aefc4947d9916a4ec056525502d4df604baffdebd1

  • Size

    4.6MB

  • Sample

    240530-3h1resfb96

  • MD5

    0018670e46b0e36f3de0e76f3c7c4356

  • SHA1

    24df13d7a321afbb969494b19b7afb5c5f3acf14

  • SHA256

    d1977f92e1913401680353aefc4947d9916a4ec056525502d4df604baffdebd1

  • SHA512

    4f49c81f2dbfd9d4f7b018ba33ab870243862d448508e03470d929e3900c1ec1c209ec28245ec143a0a17f3c348a7b2cd91cb60f558419fedff0b8d6be5dba81

  • SSDEEP

    98304:m/6T9ZwXzrk1xYDPY/2vbVVhoojVUJ4UD0t3IdLbzhs8U3BzI:7p2Xzr1M2VbLsSWRqzI

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks