General

  • Target

    0c344a5ac35717d38b07c9d8986333fff85cccc3c7505b12ebc75b0cbf955c0a

  • Size

    4.9MB

  • Sample

    240530-hbpqcsad98

  • MD5

    b85f055ad96d7bbe8aa09fd7ec41d040

  • SHA1

    05c62693bc71041fea6ee4404e6d5968c98cff3f

  • SHA256

    0c344a5ac35717d38b07c9d8986333fff85cccc3c7505b12ebc75b0cbf955c0a

  • SHA512

    d070675fbf09f0e5c387f7b632c85ca4617ca99336e1a12db7442436ff03fa25f00da9acd2f4bb31c823e3959f2394c34e93ce20fa188cb3f96c9a969e001809

  • SSDEEP

    98304:mJyVUe+HiqazWPzT97VGWEiHvgAO2d+xJDu9U4N6Kz8mpigk6dIYLhLI:QyVerPdVyAO2MLEUU8mpigk6djNLI

Malware Config

Targets

    • Target

      0c344a5ac35717d38b07c9d8986333fff85cccc3c7505b12ebc75b0cbf955c0a

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxies that the operators rent out.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the DNS servers configured on the sandbox host, which suggests the sample resolves names through its own hard-coded resolvers rather than the system ones.

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent), which is the same data Programs and Features displays.
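The "Unexpected DNS network traffic destination" signature above is easy to reproduce outside the sandbox. The following is an added example, not part of this report or of any sandbox's signature code: it parses a constructed list of connection records (protocol, source, destination, destination port, as a sandbox PCAP summary or NetFlow export might list them), and flags every flow to port 53 whose destination is not one of the resolvers configured on the analysis host. The sample flows and the configured resolver address 10.0.2.3 are assumptions chosen for the example; nothing below comes from the report's own PCAP.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example for the sandbox signature "Unexpected DNS network traffic
destination"; the flow records and resolver address below are constructed
for illustration and do not come from the analysed sample's PCAP.
"""
from __future__ import annotations

import ipaddress
from collections import Counter
from dataclasses import dataclass

DNS_PORT = 53

# Constructed connection records: proto, src, dst, dport.  10.0.2.3 plays the
# role of the resolver handed out by the sandbox's DHCP server (assumption).
SAMPLE_FLOWS = """\
# proto src        dst             dport
udp     10.0.2.15  10.0.2.3        53
udp     10.0.2.15  10.0.2.3        53
udp     10.0.2.15  198.51.100.23   53
tcp     10.0.2.15  203.0.113.9     53
tcp     10.0.2.15  203.0.113.9     443
udp     10.0.2.15  8.8.8.8         53
udp     10.0.2.15  198.51.100.23   53
"""

CONFIGURED_DNS = ["10.0.2.3"]  # assumed resolver list of the sandbox host


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated flow records; comment and blank lines are skipped."""
    flows: list[Flow] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        proto, src, dst, dport = line.split()
        # Reject malformed addresses early rather than silently ignoring them.
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
        flows.append(Flow(proto.lower(), src, dst, int(dport)))
    return flows


def unexpected_dns_destinations(
    flows: list[Flow], configured_dns: list[str], dns_port: int = DNS_PORT
) -> list[Flow]:
    """Return flows to dns_port whose destination is not a configured resolver.

    Both UDP and TCP are considered: DNS over TCP to a foreign server is at
    least as interesting as UDP, and a non-DNS protocol on port 53 is a classic
    tunnelling sign, so the protocol is deliberately not used as a filter.
    """
    allowed = {ipaddress.ip_address(a) for a in configured_dns}
    return [
        f
        for f in flows
        if f.dport == dns_port and ipaddress.ip_address(f.dst) not in allowed
    ]


def summarize(hits: list[Flow]) -> dict[str, int]:
    """Count flagged flows per destination so repeated resolvers stand out."""
    return dict(Counter(f.dst for f in hits))


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    hits = unexpected_dns_destinations(flows, CONFIGURED_DNS)
    for dst, n in sorted(summarize(hits).items(), key=lambda kv: -kv[1]):
        print(f"port-53 traffic to non-configured server {dst}: {n} flow(s)")
```

In the constructed input the two queries to 10.0.2.3 are normal, the 443 flow is ignored because it is not on the DNS port, and the remaining four flows (two to 198.51.100.23, one TCP flow to 203.0.113.9, one to 8.8.8.8) are flagged. A public resolver such as 8.8.8.8 is still reported, because the signature's point is that the sample ignored the resolvers the host was given; if that is too noisy in an enterprise network, extend `CONFIGURED_DNS` with the resolvers that are legitimately in use rather than weakening the check.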

MITRE ATT&CK Enterprise v15

Tasks