General

  • Target: 30d614aa120290b85615ea46102a699a.bin
  • Size: 3.9MB
  • Sample: 240802-b69wfsybrm
  • MD5: 857b068e19a9a49355f1fbfac58b2c5c
  • SHA1: bb1565e15ee020d576bcfc156fad22303da12a2a
  • SHA256: 4c951f221d57de5eae3329f1655cbe079c125b3141fc5828827fba1a85c16785
  • SHA512: c925732fdd6e378631e7363f557c333b0b85f5656f719762c9359cb77e185a11b5e80acd6d3fe48b1d5666534ed3f40e944692de34407292fcf6bfcdfceef0e7
  • SSDEEP: 98304:XT6TtsUEz4mBv5PR14hyZUrFxZ7KinAaStuDFK6:XTAsUEsKg8KzZ7KinAaIuBv

Targets

    • Target: 9364698aabc3bc3b4882baa2a468dbded4663fb172a39e9a87641d0321f05c96.exe
    • Size: 3.9MB
    • MD5: 30d614aa120290b85615ea46102a699a
    • SHA1: 3bf745f5e576de3036d0e7ce01127495eafa24ef
    • SHA256: 9364698aabc3bc3b4882baa2a468dbded4663fb172a39e9a87641d0321f05c96
    • SHA512: 7b285726dbc50cd1fc4170074a5a73063415ee40949b6c8efcf5578eaac60b694b1ed15d1f658d541e75250b7fb62714fee728945638dd03cf84dbed2ebd1d66
    • SSDEEP: 98304:NhJURqyUglwFpzeY0spM0mZQxd0+kK5qSPOIKPnIMdP/3:qwJFYypM0vAsPDQZv

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
