General

  • Target

    f0a5877073940516a828d37bce7dc4597779eb33fcc4423e4cf3d07adc380ceb

  • Size

    5.6MB

  • Sample

    240531-ahqx1aff2x

  • MD5

    6428d4958c257c085d64bdf25c6b28b4

  • SHA1

    a6d4ba9e1701f745d66daad36a283b3e57b325bc

  • SHA256

    f0a5877073940516a828d37bce7dc4597779eb33fcc4423e4cf3d07adc380ceb

  • SHA512

    2d97fd33933aeb5bc5a0859985f97ab974fac8315ba0c58864d072cdca20cd0630ad2310b6742f727415fce6d678713ba1018eaa792b7f2fe9d65c456ccc8cd9

  • SSDEEP

    98304:mnq7Y1XgFPTQVnkGRmOq4ZhWSNVpjaLnxdhyb0U7SpCI1sR7r43:j7U+WkGRmOqigS39aLxDyF7SZqM3

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxy nodes whose access is resold, so the expected follow-on behaviour is long-lived outbound connectivity rather than data theft on the host itself.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (UDP/TCP 53) was sent to hosts other than the resolvers configured on the analysis machine. A resolver the host was never told about is usually hard-coded in the sample, and port 53 is also a common carrier for tunnelling non-DNS traffic past egress filtering, so the destinations are worth extracting as indicators.

    • Checks installed software on the system

      Reads the Uninstall keys in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its Wow6432Node counterpart, and the HKCU equivalent) to enumerate installed software. This is the same list that Programs and Features shows; malware typically uses it to spot security products or a sandbox image before committing to its payload.
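The "Unexpected DNS network traffic destination" signature above is simple to reproduce outside the sandbox, for instance over a Zeek-style connection log from your own detonation. The following is an added example written for this page, not code from the sandbox or from the Socks5Systemz sample; the resolver address, the log format and every log line are constructed for illustration.

```python
"""
Added example: re-implements the sandbox's "Unexpected DNS network traffic
destination" check over constructed connection records.

Logic: the analysis VM knows which resolver(s) it was configured with; any
flow to the DNS port on another host is flagged, with TCP/53 included
because DNS over TCP and port-53 tunnels both use it.
"""
from collections import Counter
from ipaddress import ip_address

# Assumed (hypothetical) resolver configured on the analysis VM.
CONFIGURED_RESOLVERS = ["10.127.0.1"]

# Constructed connection log, NOT captured from the real sample.
# Minimal TSV: timestamp, proto, src ip, dst ip, dst port.
SAMPLE_CONN_LOG = """\
1717000001.10\tudp\t10.127.0.10\t10.127.0.1\t53
1717000001.32\tudp\t10.127.0.10\t10.127.0.1\t53
1717000002.05\tudp\t10.127.0.10\t198.51.100.53\t53
1717000002.40\ttcp\t10.127.0.10\t203.0.113.53\t53
1717000003.00\ttcp\t10.127.0.10\t203.0.113.7\t443
1717000004.11\tudp\t10.127.0.10\t198.51.100.53\t53
1717000004.50\tudp\t10.127.0.10\t239.255.255.250\t1900
"""


def parse_conn_log(text):
    """Parse the TSV lines into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.strip().split("\t")
        if len(parts) != 5:
            continue
        ts, proto, src, dst, dport = parts
        try:
            records.append({
                "ts": float(ts),
                "proto": proto.lower(),
                "src": src,
                "dst": ip_address(dst),
                "dport": int(dport),
            })
        except ValueError:
            # unparsable timestamp, address or port: ignore the line
            continue
    return records


def unexpected_dns_destinations(records, configured_resolvers, dns_port=53):
    """Return a Counter of (proto, dst) for DNS-port flows to hosts that are
    not in the configured resolver set. Flows to other ports are ignored."""
    allowed = {ip_address(r) for r in configured_resolvers}
    hits = Counter()
    for r in records:
        if r["dport"] != dns_port or r["dst"] in allowed:
            continue
        hits[(r["proto"], str(r["dst"]))] += 1
    return hits


def signature_fires(records, configured_resolvers):
    """True when at least one DNS-port flow went to a non-configured host."""
    return bool(unexpected_dns_destinations(records, configured_resolvers))


if __name__ == "__main__":
    recs = parse_conn_log(SAMPLE_CONN_LOG)
    for (proto, dst), n in sorted(unexpected_dns_destinations(
            recs, CONFIGURED_RESOLVERS).items()):
        print(f"unexpected DNS destination {proto}/{dst} x{n}")
```

The only configuration the check depends on is the resolver list; if you run this over a capture from a host whose DHCP-assigned resolver you did not record, every query will look unexpected, so take the resolver set from the host's own network configuration rather than guessing it.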

MITRE ATT&CK Enterprise v15
