General

  • Target

    a6e413bb8f590d91e06494341c130bdb7f7d9781a7f060f12eb725b11af92baf

  • Size

    6.1MB

  • Sample

    240530-avsblafg2s

  • MD5

    02d49e5cf4b69c236d7ce42053a2dc71

  • SHA1

    a6c6fd263c4d71a78d4abb178381b7a42c971734

  • SHA256

    a6e413bb8f590d91e06494341c130bdb7f7d9781a7f060f12eb725b11af92baf

  • SHA512

    88012e610748ec7de2cf413567f26539cfd13deec8df145fb8774cdac9514ec39ad870bc49084ce27c9dc68e4c014a65267e1532a480d3bc6a52068a37363dc1

  • SSDEEP

    196608:jDIOLJsPPjStfu0pYFuKNnznIJN75gG0T:jDSWtfAF3NzngZy

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks