General

  • Target

    dd1764b6eb2e9934c203e57ccb503be0bf9bcb9529600e54cb7fe50f95017389

  • Size

    5.4MB

  • Sample

    240530-3k1t7sed6s

  • MD5

    f7778be1bb26d36c7530bbbefd7ed138

  • SHA1

    f4a137e5a58de4ca26ca4e5e16194a71d92218ca

  • SHA256

    dd1764b6eb2e9934c203e57ccb503be0bf9bcb9529600e54cb7fe50f95017389

  • SHA512

    03f985b246a20b7be718b1163f3294972b90a9afaf5582d17a9d29bad4dccade2fe2f6ba2eed99ea9f8a023e725047350c92b21e75e5ef1b7ac9e259f697d8ea

  • SSDEEP

    98304:mSVliMOizA5p6elAsP1krkiUu4T2wo/f5BjUn/jYptAqaM5oynrhCqvoUveXID/r:hl97zA58elAokPUubwW5ZSjYNYKhCEoM

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks