General

  • Target: f44857fbb70f85b841dd531a743dd73a7a5c183db34fc49d7eda0108435ea5f7
  • Size: 4.6MB
  • Sample: 240530-3nndaaee7v
  • MD5: 82386bc2f616c61f6a057ee7f72e0471
  • SHA1: aa79da098eb9f9fd09e0eb9cff31b8d0fa3dd3f6
  • SHA256: f44857fbb70f85b841dd531a743dd73a7a5c183db34fc49d7eda0108435ea5f7
  • SHA512: f2d0ce665d764f743afca6c3cedbd83bf650862e59f195c76c33ed6955e2441265f2556d6f27bc9b9f6823083ad26f2f3ac69df4b2292254a52ff479874ff706
  • SSDEEP: 98304:muulKNnQnmpbH+E+uUbLBxaqDWrIdDscBKMz3q4TMDUc3RdQETsjxtaRs:hNYmpSnH8ISpMza4QD/RdU6S

Malware Config

Targets

    • Detect Socks5Systemz Payload
    • Socks5Systemz: Socks5Systemz is a botnet written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Unexpected DNS network traffic destination: network traffic to servers other than the configured DNS servers was detected on the DNS port.
    • Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks