General

  • Target

    0c68a72d21baf129b3d6251ef25159f7bfbf98e5742115d534df8f00ad01d5e4

  • Size

    4.8MB

  • Sample

    240530-lrszhaed66

  • MD5

    00668bb78e1dd0ba49de8e5a7ec01a31

  • SHA1

    4b06eb8e2db010038ba072ed5ba93fb8dc2682d8

  • SHA256

    0c68a72d21baf129b3d6251ef25159f7bfbf98e5742115d534df8f00ad01d5e4

  • SHA512

    b8d5ddaa7c870a0f3e7baec0500250e916e81db1232255a2aaec1bf93afde0520179dcead0f5800290fe0668c88fc8ca50f71e59d678c29c4d697a0f10cd06d9

  • SSDEEP

    98304:mZBMIhnS6AcdY6hXdsOFlHpju9iVoZgmbguvqop/byjTgV:GB99bdXhXdsOfpjFbmbgw9yvgV

Malware Config

Targets

    • Target

      0c68a72d21baf129b3d6251ef25159f7bfbf98e5742115d534df8f00ad01d5e4

    • Size

      4.8MB

    • MD5

      00668bb78e1dd0ba49de8e5a7ec01a31

    • SHA1

      4b06eb8e2db010038ba072ed5ba93fb8dc2682d8

    • SHA256

      0c68a72d21baf129b3d6251ef25159f7bfbf98e5742115d534df8f00ad01d5e4

    • SHA512

      b8d5ddaa7c870a0f3e7baec0500250e916e81db1232255a2aaec1bf93afde0520179dcead0f5800290fe0668c88fc8ca50f71e59d678c29c4d697a0f10cd06d9

    • SSDEEP

      98304:mZBMIhnS6AcdY6hXdsOFlHpju9iVoZgmbguvqop/byjTgV:GB99bdXhXdsOfpjFbmbgw9yvgV

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks