General

  • Target

    7c252d3441823fba2f45f104f773c48ae932dbebae20f2060b6381fcea3f974a

  • Size

    6.2MB

  • Sample

    240603-wcsejafc65

  • MD5

    2b38bbadd02e3ab8082c9ccaff3a54b0

  • SHA1

    4e90d54e25fbd9c7fd7fa1ac369ff549c2811d87

  • SHA256

    7c252d3441823fba2f45f104f773c48ae932dbebae20f2060b6381fcea3f974a

  • SHA512

    4a4430f2c16a98d77ff0517edb77a14049d6d28b407fcbf1ad6e05fdbd348e52ae3d7034b97491db714c01d0802753b5a515d4224e677f21dee0e701f34a75e7

  • SSDEEP

    196608:iDNIMD5DQhBc/7ck6IiVuoQD/7yRHJ1F1PvaD:+pGa/7ck6XVuoQDjyRJpSD

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxies that relay traffic for the operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53/udp or 53/tcp) to servers other than the resolvers configured on the analysis machine was detected. This usually means the sample carries its own hard-coded resolver or tunnels command-and-control traffic over the DNS port.

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the per-user HKCU copy) to list software installed on the system, a common way to fingerprint the host or spot analysis tools.
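
The "Unexpected DNS network traffic destination" signature above is a simple allow-list check. The Python below is an added example, not code from the sandbox or from the report, that reimplements that check over constructed flow records; the resolver addresses and the flows are hypothetical values chosen for illustration (documentation ranges rather than real infrastructure).

```python
"""Flag DNS-port traffic whose destination is not a configured resolver.

Added example, not part of the sandbox report. The resolver list and the
flow records are constructed for illustration.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str  # "udp" or "tcp"


# Assumed: resolvers the analysis VM is configured to use (hypothetical).
CONFIGURED_RESOLVERS = {"10.127.0.1", "192.0.2.53"}

# Constructed sample flows (TEST-NET addresses), not data from the report.
SAMPLE_FLOWS = [
    Flow("10.127.0.41", "10.127.0.1", 53, "udp"),     # lookup via configured resolver
    Flow("10.127.0.41", "192.0.2.53", 53, "udp"),     # lookup via second resolver
    Flow("10.127.0.41", "198.51.100.9", 443, "tcp"),  # HTTPS, not the DNS port
    Flow("10.127.0.41", "203.0.113.7", 53, "udp"),    # DNS port to an unknown host
    Flow("10.127.0.41", "203.0.113.7", 53, "tcp"),    # same host over TCP
]


def unexpected_dns_destinations(flows, resolvers=CONFIGURED_RESOLVERS):
    """Return flows on port 53 whose destination is not a configured resolver.

    UDP and TCP are both considered because DNS uses either. Loopback and
    link-local destinations are skipped: they cannot be a remote resolver
    or a command-and-control host.
    """
    allowed = {ipaddress.ip_address(r) for r in resolvers}
    hits = []
    for f in flows:
        if f.dport != 53 or f.proto not in ("udp", "tcp"):
            continue
        dst = ipaddress.ip_address(f.dst)
        if dst.is_loopback or dst.is_link_local:
            continue
        if dst not in allowed:
            hits.append(f)
    return hits


def summarize(flows, resolvers=CONFIGURED_RESOLVERS):
    """Group hits by destination so a chatty host becomes one finding."""
    by_dst = {}
    for f in unexpected_dns_destinations(flows, resolvers):
        by_dst.setdefault(f.dst, set()).add(f.proto)
    return {dst: sorted(protos) for dst, protos in by_dst.items()}


if __name__ == "__main__":
    for dst, protos in summarize(SAMPLE_FLOWS).items():
        print(f"unexpected DNS-port traffic to {dst} ({', '.join(protos)})")
```

The check is only as good as the resolver list it is given: a host legitimately pointed at a public resolver the analysis environment does not know about will trip it, and DNS carried over 443 (DoH) or 853 (DoT) will not, so treat a hit as a lead to confirm against the PCAP rather than as proof of a hard-coded C2 channel.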

MITRE ATT&CK Enterprise v15