General

  • Target

    460532bce77c6d0fd1657631baca226960cef5edd840b9f79c149b0a072b33b4.exe

  • Size

    4.0MB

  • Sample

    240802-b2lcasxhlm

  • MD5

    dae82b131bd6361010e1a892cc9ce2e9

  • SHA1

    362197555bdbebc88a6d0ffb480a0f72cc4c1c6b

  • SHA256

    460532bce77c6d0fd1657631baca226960cef5edd840b9f79c149b0a072b33b4

  • SHA512

    ecadd2e8e8d438261e08cd162018ac841c1017dd0d32a1313b179b80d8684cc4761ba36176c537b69d3ad343d3cac84c1d239630fa6ac983b8908c6f8b6415a0

  • SSDEEP

    98304:NNGL1Henn3GA1eEjpdVXk05Mp+x2mg1cGyLdP/3:SHYGAoENdj5G19mZv
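
The identifiers above are worth checking mechanically before touching the sample: that the filename stem equals the SHA256, that each digest has the expected length and hex alphabet, and that the SSDEEP string parses into a block size (always 3 * 2^n) and its two chunk signatures, since ssdeep can only score two hashes whose block sizes are equal or differ by one doubling. The Python below is an added example written for this page, not code from the sandbox or from any Socks5Systemz analysis; the only data it takes from the page are the values listed above, and the byte string handed to verify_file_bytes is a constructed stand-in because the sample itself is not included here.

```python
import hashlib
import re
from dataclasses import dataclass

# Values copied from the report's General section; nothing else on this page
# is used by the block.
REPORT = {
    "target": "460532bce77c6d0fd1657631baca226960cef5edd840b9f79c149b0a072b33b4.exe",
    "md5": "dae82b131bd6361010e1a892cc9ce2e9",
    "sha1": "362197555bdbebc88a6d0ffb480a0f72cc4c1c6b",
    "sha256": "460532bce77c6d0fd1657631baca226960cef5edd840b9f79c149b0a072b33b4",
    "sha512": "ecadd2e8e8d438261e08cd162018ac841c1017dd0d32a1313b179b80d8684cc4761ba36176c537b69d3ad343d3cac84c1d239630fa6ac983b8908c6f8b6415a0",
    "ssdeep": "98304:NNGL1Henn3GA1eEjpdVXk05Mp+x2mg1cGyLdP/3:SHYGAoENdj5G19mZv",
}

# Expected hex-digest lengths per algorithm (name matches hashlib's).
HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# ssdeep output is "blocksize:sig1:sig2", the signatures in a base64 alphabet.
SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]*):([A-Za-z0-9+/]*)$")


@dataclass(frozen=True)
class Ssdeep:
    blocksize: int
    sig1: str  # chunk signature computed at blocksize
    sig2: str  # chunk signature computed at 2 * blocksize


def parse_ssdeep(value: str) -> Ssdeep:
    """Split an ssdeep string and reject block sizes that ssdeep cannot produce."""
    m = SSDEEP_RE.match(value)
    if not m:
        raise ValueError(f"not an ssdeep string: {value!r}")
    bs = int(m.group(1))
    # ssdeep block sizes are 3 * 2**n, so bs/3 must be a power of two.
    if bs < 3 or bs % 3 or (bs // 3) & (bs // 3 - 1):
        raise ValueError(f"invalid ssdeep blocksize {bs}")
    return Ssdeep(bs, m.group(2), m.group(3))


def ssdeep_comparable(a: Ssdeep, b: Ssdeep) -> bool:
    """True when ssdeep could score the pair at all (equal or adjacent block sizes)."""
    return a.blocksize in (b.blocksize, 2 * b.blocksize, b.blocksize // 2)


def check_report_consistency(report: dict) -> list[str]:
    """Sanity checks on the report's own identifiers; returns a list of problems."""
    problems = []
    for alg, n in HEX_LENGTHS.items():
        v = report[alg]
        if len(v) != n or any(c not in "0123456789abcdef" for c in v):
            problems.append(f"{alg}: malformed digest")
    # The sandbox named the target after its SHA256; the two must agree.
    if report["target"].rsplit(".", 1)[0] != report["sha256"]:
        problems.append("target filename does not match sha256")
    try:
        parse_ssdeep(report["ssdeep"])
    except ValueError as exc:
        problems.append(f"ssdeep: {exc}")
    return problems


def verify_file_bytes(data: bytes, report: dict) -> list[str]:
    """Return the digests that do NOT match the report for the given file content."""
    return [alg for alg in HEX_LENGTHS
            if hashlib.new(alg, data).hexdigest() != report[alg]]


if __name__ == "__main__":
    print(check_report_consistency(REPORT))          # [] for the values above
    print(parse_ssdeep(REPORT["ssdeep"]))
    # Constructed stand-in bytes: every digest differs from the report.
    print(verify_file_bytes(b"constructed stand-in, not the sample", REPORT))
```

Run verify_file_bytes on the bytes of a downloaded copy before analysis; an empty list means the copy is the sample the report describes, anything else means a different (or damaged) file.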

Malware Config

Targets

    • Target

      460532bce77c6d0fd1657631baca226960cef5edd840b9f79c149b0a072b33b4.exe

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks