General

  • Target

    5ea242a561d2a84de448d81e63b174b722a1fcc8a3226a4b9673010368bc3b4b

  • Size

    5.5MB

  • Sample

    240530-fcaaysga47

  • MD5

    6409aec3770bd614b9e4dfbd1b85d282

  • SHA1

    b1ad1d1fdfe453a623e6edcf25b1329ff72073ca

  • SHA256

    5ea242a561d2a84de448d81e63b174b722a1fcc8a3226a4b9673010368bc3b4b

  • SHA512

    2232383f45ce108cf9104a542b94637e041251f23b23739e39e21e222be9f54903b1042dbdf0cd7e304e044773ffcfebedc9b6a3129aab3780f7c684f47ddd5d

  • SSDEEP

    98304:mQ6D3J4p4IhMHpfhLFnYbNSi5G5acp53GTHwjWltYvU3Oe5mJpsg:WrJe4IhMJtcN4xGTMstYsZgHP

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks