General

  • Target

    d2e5967efe64be2096909b9f377417c73d8ec1b3309d64ab8fed5bacc4824a33

  • Size

    4.9MB

  • Sample

    240530-kg3khsca4v

  • MD5

    e24cd0520e559728fe3a898389a874cb

  • SHA1

    9bea67e552b21b9cc966e6a00aa6929629e47c6e

  • SHA256

    d2e5967efe64be2096909b9f377417c73d8ec1b3309d64ab8fed5bacc4824a33

  • SHA512

    39bb53137d33bd57d1ba2ba3a0a029957059dc56fafa1f3d123549f917380aa1831cea1c9f43806c4a37d9545a091beb31492d80f3ffbf7838587c95f8d8b6d2

  • SSDEEP

    98304:muDEw8C9Nu1XKDqBrrYZYwgXtBJFT76a+toY0kKXic4uA01MxCOh:eGNu9fXtBJFTytoJXi6/MxCOh
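The digests above identify the sample; before relying on any finding in this report, confirm that the file on your disk is that sample. The following is an added example (not part of the sandbox report): it hashes a local file with the four algorithms listed above and reports which ones disagree. The file path is an assumption; the digest values are copied from the report.

```python
"""Verify that a local file matches the digests listed in this report.

Added example, not part of the sandbox report. The path passed on the
command line is an assumption; REPORTED holds the values from the page.
"""
import hashlib
import io
import sys

# Digests as listed in the report above (copied, not computed here).
REPORTED = {
    "md5": "e24cd0520e559728fe3a898389a874cb",
    "sha1": "9bea67e552b21b9cc966e6a00aa6929629e47c6e",
    "sha256": "d2e5967efe64be2096909b9f377417c73d8ec1b3309d64ab8fed5bacc4824a33",
    "sha512": "39bb53137d33bd57d1ba2ba3a0a029957059dc56fafa1f3d123549f917380aa18"
              "31cea1c9f43806c4a37d9545a091beb31492d80f3ffbf7838587c95f8d8b6d2",
}

CHUNK = 1 << 20  # read 1 MiB at a time; the sample is ~4.9 MB but this scales


def digests_of_stream(stream, chunk=CHUNK):
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    while True:
        block = stream.read(chunk)
        if not block:
            break
        for h in hashers.values():
            h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digests_of_bytes(data):
    """Convenience wrapper for in-memory data (used by the tests)."""
    return digests_of_stream(io.BytesIO(data))


def mismatches(actual, expected):
    """Names of algorithms whose digest differs; an empty list means a match.

    Hex case is normalised because reports and tools differ on it.
    """
    return sorted(name for name, want in expected.items()
                  if actual.get(name, "").lower() != want.lower())


def verify_file(path, expected=REPORTED):
    """Return the list of mismatching algorithms for the file at `path`."""
    with open(path, "rb") as f:
        return mismatches(digests_of_stream(f), expected)


if __name__ == "__main__":
    bad = verify_file(sys.argv[1])  # assumed usage: python verify.py <sample>
    if bad:
        print("MISMATCH on", ", ".join(bad), "- this is not the reported sample")
        sys.exit(1)
    print("MATCH: file is the sample described in this report")
```

A partial match (for example SHA256 agrees but MD5 does not) cannot happen for an unmodified file; if you see one, the report you are reading was assembled from more than one artifact and should not be trusted as a single identity.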

Malware Config

Targets

    • Target

      d2e5967efe64be2096909b9f377417c73d8ec1b3309d64ab8fed5bacc4824a33

    • Size

      4.9MB

    • MD5

      e24cd0520e559728fe3a898389a874cb

    • SHA1

      9bea67e552b21b9cc966e6a00aa6929629e47c6e

    • SHA256

      d2e5967efe64be2096909b9f377417c73d8ec1b3309d64ab8fed5bacc4824a33

    • SHA512

      39bb53137d33bd57d1ba2ba3a0a029957059dc56fafa1f3d123549f917380aa1831cea1c9f43806c4a37d9545a091beb31492d80f3ffbf7838587c95f8d8b6d2

    • SSDEEP

      98304:muDEw8C9Nu1XKDqBrrYZYwgXtBJFT76a+toY0kKXic4uA01MxCOh:eGNu9fXtBJFTytoJXi6/MxCOh

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the DNS servers configured for the analysis machine. Malware commonly does this to bypass local resolver logging or to reach hard-coded resolvers for C2 lookups.

    • Checks installed software on the system

      Reads Uninstall key entries in the registry (under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.
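The two behavioural signatures above ("Unexpected DNS network traffic destination" and "Checks installed software on the system") are simple enough to reproduce against your own telemetry. The block below is an added example written for this page, not the sandbox's own signature code: it runs both rules over a constructed list of network and registry events of the kind a sandbox or EDR records for a process. The event schema, the process id, the configured resolver set and all addresses and registry paths are assumptions made up for the illustration.

```python
"""Two of the report's behavioural signatures re-implemented over events.

Added example, not the sandbox's own code. EVENTS, CONFIGURED_DNS and the
event schema are constructed for this illustration.
"""

# Resolvers the analysis VM is assumed to be configured with.
CONFIGURED_DNS = {"8.8.8.8", "1.1.1.1"}

# Both the native and the WOW6432Node Uninstall hives contain this fragment.
UNINSTALL_KEY_FRAGMENT = r"\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed events (assumed schema): what a sandbox might record for a dropped EXE.
EVENTS = [
    {"type": "net", "pid": 4120, "proto": "udp", "dst": "8.8.8.8", "dport": 53},
    # port 53 to an address that is not a configured resolver -> flagged
    {"type": "net", "pid": 4120, "proto": "udp", "dst": "203.0.113.17", "dport": 53},
    # same host but not the DNS port -> outside this rule's scope
    {"type": "net", "pid": 4120, "proto": "tcp", "dst": "203.0.113.17", "dport": 443},
    {"type": "reg", "pid": 4120, "op": "query",
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0000-EXAMPLE}\DisplayName"},
    {"type": "reg", "pid": 4120, "op": "query",
     "path": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"},
    # unrelated registry read -> not flagged
    {"type": "reg", "pid": 4120, "op": "query", "path": r"HKCU\Software\Classes"},
]


def unexpected_dns_destinations(events, configured=CONFIGURED_DNS):
    """Flag traffic to port 53 whose destination is not a configured DNS server.

    The rule is kept literal to the report's wording: it keys on the port,
    not on whether the payload actually parses as DNS.
    """
    hits = []
    for e in events:
        if e.get("type") != "net" or e.get("dport") != 53:
            continue
        if e["dst"] not in configured:
            hits.append((e["pid"], e["proto"], e["dst"]))
    return hits


def uninstall_key_lookups(events, fragment=UNINSTALL_KEY_FRAGMENT):
    """Return the distinct registry paths read under ...\\CurrentVersion\\Uninstall."""
    needle = fragment.lower()
    return sorted({e["path"] for e in events
                   if e.get("type") == "reg" and needle in e["path"].lower()})


def run_signatures(events):
    """Map each signature name from the report to its supporting evidence."""
    findings = {}
    dns = unexpected_dns_destinations(events)
    if dns:
        findings["Unexpected DNS network traffic destination"] = dns
    reg = uninstall_key_lookups(events)
    if reg:
        findings["Checks installed software on the system"] = reg
    return findings


if __name__ == "__main__":
    for name, evidence in run_signatures(EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

When porting the DNS rule to production telemetry, seed `CONFIGURED_DNS` from the host's actual resolver configuration rather than a static list, and expect benign hits from software that ships its own resolver; the registry rule is noisy on its own (installers and inventory agents read the same keys) and is best used as corroboration alongside the dropped-EXE and dropped-DLL events listed above.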

MITRE ATT&CK Enterprise v15

Tasks