General

  • Target

    756f114234720d2b6e2825c40ceebee594c7986783c2611369b6c05203cacfe0

  • Size

    6.1MB

  • Sample

    240530-b1pnbsag66

  • MD5

    9585b54b4ab650cff7933ae88d220e89

  • SHA1

    8a4abb783385e15297f585b2ee2d375f0f660210

  • SHA256

    756f114234720d2b6e2825c40ceebee594c7986783c2611369b6c05203cacfe0

  • SHA512

    82189524d570d4950d0d705de8240abfd6acc9605c2448cc9e4a552d71df1669ff6f2762f319b07dc73802d34c45e472e7527f03157f7fc73ab70fbca982870b

  • SSDEEP

    196608:KsxxAJAABhExte88DwXOGLdj9U/HLiq5T4b7TC:rxAZhEx9/H3U/9EnTC
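Before spending any analysis time on a local copy of this sample, confirm it is the file the report describes. The block below is an added example, not part of the sandbox report: it computes MD5, SHA-1, SHA-256 and SHA-512 in a single pass over the file (one read, four digest objects) together with the size, and compares them with the values listed above. `REPORT_HASHES` is copied from this page; the file path and the `ABC_VECTORS` test input (the string `abc`, whose digests are the standard published test vectors) are assumptions constructed so the code runs offline.

```python
import hashlib
import io
import os
import tempfile

# Values listed in the report above. The sandbox "Target" name is simply the SHA256.
REPORT_HASHES = {
    "md5": "9585b54b4ab650cff7933ae88d220e89",
    "sha1": "8a4abb783385e15297f585b2ee2d375f0f660210",
    "sha256": "756f114234720d2b6e2825c40ceebee594c7986783c2611369b6c05203cacfe0",
    "sha512": "82189524d570d4950d0d705de8240abfd6acc9605c2448cc9e4a552d71df1669"
              "ff6f2762f319b07dc73802d34c45e472e7527f03157f7fc73ab70fbca982870b",
}

# Standard test vectors for the input b"abc" (constructed so the example runs offline).
ABC_VECTORS = {
    "md5": "900150983cd24fb0d6963f7d28e17f72",
    "sha1": "a9993e364706816aba3e25717850c26c9cd0d89d",
    "sha256": "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
    "sha512": "ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a"
              "2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f",
    "size": 3,
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def hash_stream(fh, chunk_size=1 << 20):
    """Read a binary stream once, feeding every chunk to all four digests."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    for chunk in iter(lambda: fh.read(chunk_size), b""):
        size += len(chunk)
        for d in digests.values():
            d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["size"] = size
    return result


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return hash_stream(fh)


def verify_sample(path, expected):
    """Return the sorted names of every expected field that does not match the file.

    An empty list means the local file is the sample the report describes.
    Hex digests are compared case-insensitively; other fields (size) by equality.
    """
    actual = hash_file(path)
    mismatches = []
    for name, want in expected.items():
        got = actual.get(name)
        if isinstance(want, str):
            ok = got is not None and got.lower() == want.lower()
        else:
            ok = got == want
        if not ok:
            mismatches.append(name)
    return sorted(mismatches)


def _write_temp(data):
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        return tmp.name


def check_constructed_sample():
    """Run the verifier on a matching file (b"abc") and a tampered one (b"abcd")."""
    good, bad = _write_temp(b"abc"), _write_temp(b"abcd")
    try:
        return verify_sample(good, ABC_VECTORS), verify_sample(bad, ABC_VECTORS)
    finally:
        os.unlink(good)
        os.unlink(bad)


if __name__ == "__main__":
    # Against the real sample you would call verify_sample("path/to/sample", REPORT_HASHES).
    print(check_constructed_sample())
```

A mismatch on SHA-256 but a match on MD5 would be remarkable and worth treating as a fabricated report; in practice any mismatch means you have a different file (repacked, truncated, or the wrong download), and none of the behaviour listed below should be assumed to apply to it.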

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxies that the operators rent out.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the resolvers configured on the sandbox host, which indicates the sample uses its own hard-coded resolvers rather than the system ones.

    • Checks installed software on the system

      Reads entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system.
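The four behavioural signatures above are simple correlations over the sandbox's event stream. The block below is an added example, not the sandbox's own rule engine: it runs equivalent detection logic over a constructed, Sysmon-style event list and reports which of the four signatures fire. The event schema, the paths, the process IDs, the configured resolver `10.0.0.2` and the unexpected destination `203.0.113.7` (a TEST-NET-3 address) are all assumptions made for the example; the "Detect Socks5Systemz Payload" signature is a payload-specific rule the report does not describe, so it is deliberately not reproduced here.

```python
from collections import defaultdict

# Assumed sandbox resolver(s); anything else on port 53 is "unexpected" (constructed value).
CONFIGURED_DNS = {"10.0.0.2"}

# Registry roots whose subkeys enumerate installed software.
UNINSTALL_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Constructed event stream in a Sysmon-like shape: a sample writes two files, runs one,
# loads the other, reads the Uninstall key and resolves names via a non-system resolver.
SAMPLE_EVENTS = [
    {"ts": 1, "event": "ProcessCreate", "pid": 100, "parent_pid": 1,
     "image": r"C:\Users\user\Desktop\sample.exe"},
    {"ts": 2, "event": "FileCreate", "pid": 100,
     "target": r"C:\Users\user\AppData\Local\Temp\unpacked\install.exe"},
    {"ts": 3, "event": "FileCreate", "pid": 100,
     "target": r"C:\Users\user\AppData\Local\Temp\unpacked\support.dll"},
    {"ts": 4, "event": "ProcessCreate", "pid": 200, "parent_pid": 100,
     "image": r"C:\Users\user\AppData\Local\Temp\unpacked\install.exe"},
    {"ts": 5, "event": "ImageLoad", "pid": 200,
     "image": r"C:\Users\user\AppData\Local\Temp\unpacked\support.dll"},
    {"ts": 6, "event": "RegistryOpen", "pid": 200,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{constructed-guid}"},
    {"ts": 7, "event": "NetworkConnect", "pid": 200, "proto": "udp",
     "dst_ip": "10.0.0.2", "dst_port": 53},            # system resolver: expected
    {"ts": 8, "event": "NetworkConnect", "pid": 200, "proto": "udp",
     "dst_ip": "203.0.113.7", "dst_port": 53},         # foreign resolver: unexpected
    {"ts": 9, "event": "ImageLoad", "pid": 200,
     "image": r"C:\Windows\System32\ws2_32.dll"},      # system DLL, not dropped: no hit
]


def triage(events, configured_dns=CONFIGURED_DNS):
    """Return {signature name: [evidence, ...]} for the signatures that fire.

    Events are processed in timestamp order so a file only counts as "dropped"
    for executions and loads that happen after the FileCreate that wrote it.
    """
    dropped = set()              # lower-cased paths written by the sample so far
    hits = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        kind = ev["event"]
        if kind == "FileCreate":
            dropped.add(ev["target"].lower())
        elif kind == "ProcessCreate":
            path = ev["image"].lower()
            if path in dropped and path.endswith(".exe"):
                hits["Executes dropped EXE"].append(ev["image"])
        elif kind == "ImageLoad":
            path = ev["image"].lower()
            if path in dropped and path.endswith(".dll"):
                hits["Loads dropped DLL"].append(ev["image"])
        elif kind == "NetworkConnect":
            if ev["dst_port"] == 53 and ev["dst_ip"] not in configured_dns:
                hits["Unexpected DNS network traffic destination"].append(ev["dst_ip"])
        elif kind == "RegistryOpen":
            key = ev["key"].lower()
            if any(key.startswith(root.lower()) for root in UNINSTALL_KEYS):
                hits["Checks installed software on the system"].append(ev["key"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The ordering rule matters: a process image that merely happens to share a path with a file the sample writes later is not "a dropped EXE being executed", and the same holds for DLL loads, so the rules key on the FileCreate having already been seen. Matching on the exact written path also keeps ordinary system DLL loads (the `ws2_32.dll` event) from firing.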

MITRE ATT&CK Enterprise v15

Tasks