General

  • Target

    b10e1e4e61f30bbb4d198093576da9867e723191e17527611fbcc1dad598e4f4

  • Size

    4.8MB

  • Sample

    240530-b798lsab6w

  • MD5

    dbf10caf0035b25c6f6cc6326e0ffdb0

  • SHA1

    6a5289643ab79833287953c97aa5e2f356678d07

  • SHA256

    b10e1e4e61f30bbb4d198093576da9867e723191e17527611fbcc1dad598e4f4

  • SHA512

    490aa898e35b1c8a843e4cb55bf4873a8526ce3dee24a1fe1a0ebf657c8628a3d54e08cc056564d8c110380f9da667a8e8420d28d3e645b2e6de5a70577cc04d

  • SSDEEP

    98304:mXCHlrOgmZYrQ9GW+2kVU/zQ+fJEwKHv7r6:iCZOgZrQH5kV+xfKHv7r6

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Detects executables packed with VMProtect.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15