General

  • Target

    d9c4a121fd4a0bac91a7aa17f346d263154f4c9908edb7fd9dd6aa33cd8fe8d5

  • Size

    5.7MB

  • Sample

    240530-3kc35sed3x

  • MD5

    101d4cf28806d851a6488f83d108c9db

  • SHA1

    731a797d24f24a9d37d143f1e4be0be47078335f

  • SHA256

    d9c4a121fd4a0bac91a7aa17f346d263154f4c9908edb7fd9dd6aa33cd8fe8d5

  • SHA512

    1f2c4668bda011c274053232f8d82b67759b2c67afee6f62987ac1b17fc0499ddde0ccc81ab736cc65dbfa30f506d0f38e23e44d131472872bd6625cfac56452

  • SSDEEP

    98304:mEEnIA1fLn+k29iVBXAaLkpXBs+K91bebPyGwKk48j9g8MdeLLeByJkye28S3g:Z0ZDn+k2cV6aApQ9l4PyGh4j9sde20JO

Malware Config

Targets

    • Target

      d9c4a121fd4a0bac91a7aa17f346d263154f4c9908edb7fd9dd6aa33cd8fe8d5

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks