General

  • Target

    e362af985a7297aa6eb102e810d7e32944fba39e4eb45236e02d0aa2243ec3ee

  • Size

    4.7MB

  • Sample

    240530-3lyfgafd68

  • MD5

    fd3d305fbcf8727d7aafc869c3579b76

  • SHA1

    404c85bad23a3e76256b87e0824607f89a4309ec

  • SHA256

    e362af985a7297aa6eb102e810d7e32944fba39e4eb45236e02d0aa2243ec3ee

  • SHA512

    56479e2dd8ed464b156c861204bc1c67904afa5d983ee76365828eb3f782623384f26256756bcd68a5464e13f6196a27f68d10a8ff485a6cd8d2de902d083675

  • SSDEEP

    98304:mme8wAi8KfZJHcTukhR5JBHm+Yuym66A8Ixs3Aoc+YnRnjQCHRd5yxMMG:8Ai1xJHcTH5JBG+Yu+fgAoMRjPxazG

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks