General

  • Target

    0397a435a4095545726947a32a29fa6fd46204dd3a7c77d71540f717dc79514f

  • Size

    4.8MB

  • Sample

    240530-h1w6qsbd64

  • MD5

    f9c49b64163833cec21d3ff1025ebafe

  • SHA1

    6f032df5254eb50fdf3e8ff6a99b6c4fa3364234

  • SHA256

    0397a435a4095545726947a32a29fa6fd46204dd3a7c77d71540f717dc79514f

  • SHA512

    683ff6e4e3491442eba6cd18c1095ef2e762e01ee38119e5f0694316df0a781513d4c96b3c58b0a8d76a01e01fadfbfa342abc1f47db3189ed819724568fc2e9

  • SSDEEP

    98304:mnBPE5AM7wC/+9puTxRAkf6+ZbWOARALzqq9mx/41ofBCALA:eW5j3+9gDACWPAyq9M416BnLA

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks