General

  • Target

    4e8ff0d3e7fcd38dabb0f053807fdd237168bfeb09304b9bbeb4f72b703006ca

  • Size

    4.8MB

  • Sample

    240530-k7ksdsdg42

  • MD5

    017b7502c2c4f952c7b80cf06ea0f23b

  • SHA1

    e3b9227e96ffb494219e30678eb55ceabf43e1c9

  • SHA256

    4e8ff0d3e7fcd38dabb0f053807fdd237168bfeb09304b9bbeb4f72b703006ca

  • SHA512

    f9b95dfe7acb38763cb2bfa65a9a2b591f303f25d6b8b797e68a03dfe264519adac0170eb779fb9473fc0a34f6cb786d10c3dff2a05fb17a4884d82ed0ccd6b1

  • SSDEEP

    98304:maJSoOnR3qF7ImrVVo1D/5XIYwOhZIa4npr424dmSeVRSLbo3:XHOR3qFVr41D/xIlO7dGy2ymhUE3

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
