General

  • Target

    58f3452e473f6f6b9083353e4c04f4244dfa5c47c296ddcef6d79683d58b4e50

  • Size

    3.8MB

  • Sample

    240801-27qgba1hkr

  • MD5

    912e6f5951efb629c44e50dae906ba61

  • SHA1

    6a09860467de8bc43ca3f8d6d5bbe7d06a924ad7

  • SHA256

    58f3452e473f6f6b9083353e4c04f4244dfa5c47c296ddcef6d79683d58b4e50

  • SHA512

    4f574525ffd780a7b6747029ad9437829acaccc484d48e6b46f9f4960977f173a594204eaac089f924940c7bcefc475fb18baf789858a2256757d4b256644e0a

  • SSDEEP

    98304:NEmcg0UCAjcH5mY9stJ3BL2/0s97x0L0P5yU1/m4UeZ5s0toRzs3dRq7:qmcg0Kt3m0s97x0QxyUc4Uejs0Om33q7

Malware Config

Targets

    • Target

      58f3452e473f6f6b9083353e4c04f4244dfa5c47c296ddcef6d79683d58b4e50

    • Size

      3.8MB

    • MD5

      912e6f5951efb629c44e50dae906ba61

    • SHA1

      6a09860467de8bc43ca3f8d6d5bbe7d06a924ad7

    • SHA256

      58f3452e473f6f6b9083353e4c04f4244dfa5c47c296ddcef6d79683d58b4e50

    • SHA512

      4f574525ffd780a7b6747029ad9437829acaccc484d48e6b46f9f4960977f173a594204eaac089f924940c7bcefc475fb18baf789858a2256757d4b256644e0a

    • SSDEEP

      98304:NEmcg0UCAjcH5mY9stJ3BL2/0s97x0L0P5yU1/m4UeZ5s0toRzs3dRq7:qmcg0Kt3m0s97x0QxyUc4Uejs0Om33q7

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks