General

  • Target

    6209ee3c946fdd516355c00ca2dd85e9eab282c3b85a8bf44d8798e2687657d9

  • Size

    4.9MB

  • Sample

    240530-k4fz2acf5y

  • MD5

    fa3841a5ddd93bac05836cf705f20551

  • SHA1

    e8473090de166a49edb0efa89e6ba120e719df08

  • SHA256

    6209ee3c946fdd516355c00ca2dd85e9eab282c3b85a8bf44d8798e2687657d9

  • SHA512

    9036f27377187c3b879250f73624df87dae84dc2fc4a7cbb58bb15ef2f9a23cc9ebf88035567f4e6b6e30cd8ccf99e14decad9b45202a6df66e2a7f9758d788a

  • SSDEEP

    98304:m6u5zgypP9WyAlUQL811ANADKObASg4Clj1eyDp0eDXYPwiCRJmWtx:5U8yVoyxQu1ANWKxr4Clj4ytvYYi8B
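Before working with a sample that arrives as "the file from this report", confirm it really is that file by recomputing every digest above against a copy on disk. The script below is an added example, not part of the sandbox report or the Triage tooling; the expected digests are copied from the General section, and the default path `sample.bin` is an assumption.

```python
"""Verify a file on disk against the digests published in the report (added example)."""
import hashlib
from pathlib import Path

# Digests copied from the report's General section.
REPORT_DIGESTS = {
    "md5": "fa3841a5ddd93bac05836cf705f20551",
    "sha1": "e8473090de166a49edb0efa89e6ba120e719df08",
    "sha256": "6209ee3c946fdd516355c00ca2dd85e9eab282c3b85a8bf44d8798e2687657d9",
    "sha512": "9036f27377187c3b879250f73624df87dae84dc2fc4a7cbb58bb15ef2f9a23cc"
              "9ebf88035567f4e6b6e30cd8ccf99e14decad9b45202a6df66e2a7f9758d788a",
}


def digest_stream(chunks, algorithms=tuple(REPORT_DIGESTS)):
    """Hash an iterable of byte chunks with every algorithm in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path, chunk_size=1 << 20):
    """Hash a file without reading it into memory at once (4.9 MB here, but samples vary)."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""))


def mismatches(actual, expected=REPORT_DIGESTS):
    """Return {algorithm: (expected, actual)} for every digest that differs; empty means a match."""
    return {
        name: (exp, actual.get(name))
        for name, exp in expected.items()
        if actual.get(name, "").lower() != exp.lower()
    }


if __name__ == "__main__":
    import sys

    # Assumed path; pass the real sample path as the first argument.
    sample = Path(sys.argv[1]) if len(sys.argv) > 1 else Path("sample.bin")
    bad = mismatches(digest_file(sample))
    for name, (exp, got) in bad.items():
        print(f"{name}: expected {exp}, got {got}")
    if bad:
        sys.exit(1)
    print(f"{sample}: all {len(REPORT_DIGESTS)} digests match the report")
```

Comparing all four digests rather than only MD5 costs nothing extra (the file is read once) and removes any doubt introduced by MD5 or SHA-1 collisions; a sample that matches SHA-256 and SHA-512 but not MD5 would point to a transcription error in the report rather than a different file.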

Malware Config

Targets

    • Target

      6209ee3c946fdd516355c00ca2dd85e9eab282c3b85a8bf44d8798e2687657d9

    • Size

      4.9MB

    • MD5

      fa3841a5ddd93bac05836cf705f20551

    • SHA1

      e8473090de166a49edb0efa89e6ba120e719df08

    • SHA256

      6209ee3c946fdd516355c00ca2dd85e9eab282c3b85a8bf44d8798e2687657d9

    • SHA512

      9036f27377187c3b879250f73624df87dae84dc2fc4a7cbb58bb15ef2f9a23cc9ebf88035567f4e6b6e30cd8ccf99e14decad9b45202a6df66e2a7f9758d788a

    • SSDEEP

      98304:m6u5zgypP9WyAlUQL811ANADKObASg4Clj1eyDp0eDXYPwiCRJmWtx:5U8yVoyxQu1ANWKxr4Clj4ytvYYi8B

    • Detect Socks5Systemz Payload

    • Socks5Systemz

Socks5Systemz is a proxy botnet written in C++; it turns infected hosts into SOCKS5 proxies.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

Traffic on the DNS port (53) to servers other than the host's configured DNS resolvers was detected.

    • Checks installed software on the system

Looks up entries under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system.
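The "Unexpected DNS network traffic destination" signature above reduces to a simple rule: any outbound flow to port 53 whose destination is not one of the host's configured resolvers. The detector below is an added example, not the sandbox's own signature logic; it runs over a constructed flow log in an assumed "proto src:sport -> dst:dport" format, and the resolver addresses are assumed lab values.

```python
"""Flag DNS-port traffic to hosts other than the configured resolvers (added example)."""
import re
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address

# Resolvers the analysis VM is configured to use (assumed lab values).
CONFIGURED_RESOLVERS = {"10.0.0.2", "10.0.0.3"}
DNS_PORT = 53

# Constructed flow log in a simple "proto src:sport -> dst:dport" form.
SAMPLE_LOG = """\
udp 10.0.0.15:51234 -> 10.0.0.2:53
udp 10.0.0.15:51235 -> 10.0.0.3:53
tcp 10.0.0.15:49712 -> 93.184.216.34:443
udp 10.0.0.15:51236 -> 198.51.100.7:53
tcp 10.0.0.15:49713 -> 203.0.113.9:53
udp 10.0.0.15:51237 -> 8.8.8.8:53
udp 10.0.0.15:51238 -> 198.51.100.7:53
"""

FLOW_RE = re.compile(
    r"^(?P<proto>udp|tcp)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_flows(text):
    """Parse the log format above into Flow records, failing loudly on malformed lines."""
    flows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        m = FLOW_RE.match(line.strip())
        if not m:
            raise ValueError(f"line {lineno}: unparseable flow {line!r}")
        flows.append(Flow(m["proto"], m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return flows


def unexpected_dns_destinations(flows, resolvers=CONFIGURED_RESOLVERS, port=DNS_PORT):
    """Outbound flows to the DNS port whose destination is not a configured resolver.

    UDP and TCP are both checked: TCP/53 to an unknown host is as unexpected as
    UDP/53, and the sandbox signature does not distinguish the two.
    """
    allowed = {ip_address(r) for r in resolvers}
    return [f for f in flows if f.dport == port and ip_address(f.dst) not in allowed]


def destination_counts(hits):
    """Collapse hits to destination -> flow count for a quick triage view."""
    return dict(Counter(f.dst for f in hits))


if __name__ == "__main__":
    for dst, n in destination_counts(unexpected_dns_destinations(parse_flows(SAMPLE_LOG))).items():
        print(f"{dst}: {n} flow(s) on port {DNS_PORT}")
```

Note that a well-known public resolver such as 8.8.8.8 is still flagged when the host is not configured to use it: the signature is about deviation from the configured resolver set, not about the reputation of the destination. Traffic on port 53 to an unrelated host is a common way for malware to slip C2 or tunnelled traffic past coarse egress filtering, so the hits deserve a look regardless of whether the payload is real DNS.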

MITRE ATT&CK Enterprise v15

Tasks