General

  • Target

    696eeac56da5f2d59fa8a1ee6be0f6400880ab30f0222179204b4776df0854d9

  • Size

    4.7MB

  • Sample

    240530-j1y6rsce33

  • MD5

    417c1b5c2665b7893d255ebfc820c6f7

  • SHA1

    5e11c62a35ebffa884d0c964a0be6d648cad4e12

  • SHA256

    696eeac56da5f2d59fa8a1ee6be0f6400880ab30f0222179204b4776df0854d9

  • SHA512

    3a38c9c802eb18fca4eaae4b72414dde7110704d86795ec06670ec5bd7543cf3768bc6e19668ed0dab02868ddd46ce2415f21ff1d2589d2ccb371823662be4f4

  • SSDEEP

    98304:mbRmMK69F8Z4kFTZsYnTvDpRrR+yv4lFWKyfWoxigm4HfVdX19:Wkj6gZ3tpTvNrp4EzfWosgLHfB9

Malware Config

Targets

    • Target

      696eeac56da5f2d59fa8a1ee6be0f6400880ab30f0222179204b4776df0854d9

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks