General

  • Target

    de749de6b3ee2b2af538c6bfeb61841cfb7e5d11143673413ce47ff7a2272f1d

  • Size

    4.5MB

  • Sample

    240530-3lfknafd48

  • MD5

    cf382967ece6db94f2d9de0dc462679f

  • SHA1

    a0434f214b65e0420a907c815b2a6569d2b66a9b

  • SHA256

    de749de6b3ee2b2af538c6bfeb61841cfb7e5d11143673413ce47ff7a2272f1d

  • SHA512

    5d9cd101da48b29deedee7d0908928d9412fc47f43929f1df18e7bd0ea1277ee197376a3453f5c1cb49801a7304fc8f2fad242ca9cc55d8a946c565edf9facd5

  • SSDEEP

    98304:m82QgIvBjv9Fc4NawOdBxoxo2iRdwQTdYxtYgv0zgh:B2ihLzTOdXw6RdwQRYXH0zgh

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks