General

  • Target

    92c565528d4c30288ceb3b72517ba32c55d96cf4040cbe4e808fa48a7b8fa9b7

  • Size

    4.7MB

  • Sample

    240530-asf6jsff2w

  • MD5

    7f3a2683f3eec555753af36998000cc6

  • SHA1

    541ac9252de06379e4bfa62814e007620cbd53f6

  • SHA256

    92c565528d4c30288ceb3b72517ba32c55d96cf4040cbe4e808fa48a7b8fa9b7

  • SHA512

    aee55a63988aeb50c091e7fbecd5befb388f9237900f95f716239a8df714480f8d7c4963082bf906850edcd7e0ed1175b91d6fd516bbb8262a776976419bb927

  • SSDEEP

    98304:mdH3CX5g+b419+Dvl3KU/OI2RGCN+L/XyLOXdW3nlLONIysHy:+3CKq416572RGJLvHXdAtVysS

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Detects executables packed with VMProtect.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks