General

  • Target

    94a9c324eec40be995dbff24b204a0b65dcce2ab652a16527860b8722d1c818c

  • Size

    5.7MB

  • Sample

    240530-3jc2rafc37

  • MD5

    6600a5d4e1504d87bd1db76fbf5852c3

  • SHA1

    02a51b1b625ee96550233edf31cc7fee211f1670

  • SHA256

    94a9c324eec40be995dbff24b204a0b65dcce2ab652a16527860b8722d1c818c

  • SHA512

    c06d774ae5627a8e043628d88daa95b2c8aba6eca40885d48c56e1bb66554a6db5bcfe142a204c50a911d7864515a7d2b644fc748701a851c205ccdab43dd8fe

  • SSDEEP

    98304:ml1Sesg5elabN5qUII/iWj2YzRju3GUEaJvEyopAWcgjLn3:G1Slly/qwj2CRnUE39x3

Malware Config

Targets

    • Target

      94a9c324eec40be995dbff24b204a0b65dcce2ab652a16527860b8722d1c818c

    • Size

      5.7MB

    • MD5

      6600a5d4e1504d87bd1db76fbf5852c3

    • SHA1

      02a51b1b625ee96550233edf31cc7fee211f1670

    • SHA256

      94a9c324eec40be995dbff24b204a0b65dcce2ab652a16527860b8722d1c818c

    • SHA512

      c06d774ae5627a8e043628d88daa95b2c8aba6eca40885d48c56e1bb66554a6db5bcfe142a204c50a911d7864515a7d2b644fc748701a851c205ccdab43dd8fe

    • SSDEEP

      98304:ml1Sesg5elabN5qUII/iWj2YzRju3GUEaJvEyopAWcgjLn3:G1Slly/qwj2CRnUE39x3

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks