General

  • Target

    d73eb132984393b10b3f5f89c63e9ca0ddcf721e9b95df9455c1e1623ffd6546

  • Size

    4.7MB

  • Sample

    240530-3j7lcsed21

  • MD5

    80db4c08bc8eb6bfbc001a85b3734264

  • SHA1

    c8135c9f28fa807a27ecdaf24bd44d2deb2d8ab4

  • SHA256

    d73eb132984393b10b3f5f89c63e9ca0ddcf721e9b95df9455c1e1623ffd6546

  • SHA512

    c2c273a3ab09bc1d02f814e3fb141d978374a709c82086b3c30c91a0451d4a0780b18eb6955af32816bebb4e411fbf7ea523125b7d0b6caa0db68affb2301ab8

  • SSDEEP

    98304:mpHH+xQ7qGhBsoS7P/891YW/pJNIMtaCUz83BCzb9+tq2apo5O4:0H+chm//8XH/iMwCUkBab912auc4

Malware Config

Targets

    • Target

      d73eb132984393b10b3f5f89c63e9ca0ddcf721e9b95df9455c1e1623ffd6546

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks