General

  • Target

    5439adf060cc7fb0cc70af50cf49b0c814ebe6caced4dcf1e4271c7166c57eec

  • Size

    4.9MB

  • Sample

    240530-jhmd9aca34

  • MD5

    7f73a691f625092d24481dbd7e1a0250

  • SHA1

    241d95bffda423716fadcb1aec0633c72cbf5198

  • SHA256

    5439adf060cc7fb0cc70af50cf49b0c814ebe6caced4dcf1e4271c7166c57eec

  • SHA512

    1fc2b90bf373af6019c1f064be43f6204957e0008faeaa81151eb97536fb65a2b47e3e1d7d087e2f299f9fd261eef2ad43ddce339b5f9b466780e741fe109f11

  • SSDEEP

    98304:mki9ZcsVeowZMvwDJR7rcdbzal+EU6pkwsn4LoMabLgwwbeu5:fOusaZMIDUtal+q+wS0i0we

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks