General

  • Target

    38a4f01b629b6188b3dc1efa69200242.bin

  • Size

    3.8MB

  • Sample

    240802-b7xyaaycmj

  • MD5

    d4886f1259bca90c7d00d752a987993d

  • SHA1

    6164e5f522ecff58351e20ec26fee72f89837539

  • SHA256

    2b9a497923d53c4d383fcbd2c91784bab8c939e700d1af962f285e4f9363f136

  • SHA512

    f358f1022458b0774dec4be4a465922aee005c1be8379cd5734e5005db87881ddcb7bfce3d5471cb5b5af989390014dfd274d50d451ce24681d70aa0539a2237

  • SSDEEP

    49152:DLUYHQG037eUnkKYa7rlMEyNrQF5obl2nRYEGbCnhwArsWmA9lJU4gf+k3TE9qSr:DQYHQG0raKYorli05rYijr/lS4Mo9qz+

Targets

    • Target

      5f368a7a339e485c3795a21bea867e9ea0606c3c66f7ca3c3b4a644a70d05228.exe

    • Size

      3.8MB

    • MD5

      38a4f01b629b6188b3dc1efa69200242

    • SHA1

      c440409a8093c7b8c3ef11881bb4be889a491127

    • SHA256

      5f368a7a339e485c3795a21bea867e9ea0606c3c66f7ca3c3b4a644a70d05228

    • SHA512

      64e7844b172b20028c1b1fc408111e9dfcee0cf75a3651b20092bebb1c627aad7762861fa68fbe2a098fd73f0ca17362170936af07e1a769426c6a2addc3c60a

    • SSDEEP

      98304:NpD2VAbc8tEKL9tBKxmLchSYZv2PcYl2XxxflVxvxl8oPPYNdHdP/3:3KSTtEA9DKoLareP1lizpJaEPYLZv

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxy nodes that relay traffic for the operator's customers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the resolvers configured on the analysis VM was detected. A sample that talks to hard-coded resolvers, or tunnels C2 traffic over port 53, bypasses the local DNS configuration and any logging or filtering applied at the configured resolver.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node counterpart) in the registry, which lists installed software. A single lookup is normal installer behaviour; walking the whole key is host fingerprinting.
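The two behavioural signatures above can be reproduced as detection logic over process-level telemetry. The following Python is an added example written for this page; it is not the sandbox's own rule engine, and the resolver address, the event record shapes, the sample events and the three-subkey enumeration threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumption: the resolvers the analysis VM is configured to use.
CONFIGURED_DNS = frozenset({"10.0.0.53"})

# Matches an Uninstall subkey under either the native or the WOW6432Node hive path.
UNINSTALL_SUBKEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\([^\\]+)", re.IGNORECASE
)


@dataclass(frozen=True)
class NetEvent:
    pid: int
    image: str
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class RegEvent:
    pid: int
    image: str
    key: str        # full registry path opened by the process


def unexpected_dns_destinations(events, configured=CONFIGURED_DNS):
    """Signature 'Unexpected DNS network traffic destination': any flow to port 53
    whose destination is not one of the configured resolvers. Returns a sorted list
    of (pid, image, proto, dst_ip) so repeated flows to one server collapse to one hit."""
    hits = set()
    for e in events:
        if e.dst_port == 53 and e.dst_ip not in configured:
            hits.add((e.pid, e.image, e.proto, e.dst_ip))
    return sorted(hits)


def uninstall_key_enumerators(events, min_subkeys=3, allowlist=frozenset()):
    """Signature 'Checks installed software on the system': a process that opens at
    least `min_subkeys` distinct entries under ...\\CurrentVersion\\Uninstall.
    One entry is what an installer reads about itself; many entries is enumeration.
    Returns {(pid, image): distinct_subkey_count} for the processes that qualify."""
    subkeys = defaultdict(set)
    for e in events:
        m = UNINSTALL_SUBKEY.search(e.key)
        if m and e.image.lower() not in allowlist:
            subkeys[(e.pid, e.image)].add(m.group(1).lower())
    return {proc: len(keys) for proc, keys in subkeys.items() if len(keys) >= min_subkeys}


# Constructed sample telemetry (not from the report): one dropped executable and a
# benign installer process, with the flows and registry opens each produced.
SAMPLE_NET = [
    NetEvent(4120, "sample.exe", "udp", "10.0.0.53", 53),     # normal: configured resolver
    NetEvent(4120, "sample.exe", "udp", "8.8.8.8", 53),       # hard-coded public resolver
    NetEvent(4120, "sample.exe", "tcp", "203.0.113.7", 53),   # non-DNS traffic on port 53
    NetEvent(4120, "sample.exe", "tcp", "203.0.113.7", 53),   # same flow again, collapsed
    NetEvent(4120, "sample.exe", "tcp", "203.0.113.7", 443),  # not on the DNS port
]

_UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
_UNINSTALL32 = r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_REG = [
    RegEvent(4120, "sample.exe", _UNINSTALL + r"\7-Zip\DisplayName"),
    RegEvent(4120, "sample.exe", _UNINSTALL + r"\Google Chrome\DisplayName"),
    RegEvent(4120, "sample.exe", _UNINSTALL32 + r"\{F1A2B3C4-0000-0000-0000-000000000001}\DisplayName"),
    RegEvent(4120, "sample.exe", _UNINSTALL + r"\7-Zip\DisplayVersion"),  # same subkey, not counted twice
    RegEvent(900, "msiexec.exe", _UNINSTALL + r"\7-Zip\UninstallString"),  # one entry: normal
    RegEvent(900, "msiexec.exe", _UNINSTALL + r"\7-Zip\InstallLocation"),
]


if __name__ == "__main__":
    for hit in unexpected_dns_destinations(SAMPLE_NET):
        print("unexpected DNS destination:", hit)
    for (pid, image), n in uninstall_key_enumerators(SAMPLE_REG).items():
        print(f"installed-software enumeration: pid={pid} image={image} subkeys={n}")
```

Both detectors key on process identity rather than on the raw event, which is what makes them useful for triage: the DNS rule collapses repeated flows to one hit per destination, and the registry rule only fires once a process has walked several distinct Uninstall entries, so an installer reading its own entry (here msiexec.exe) stays quiet while the dropped executable is flagged.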

MITRE ATT&CK Enterprise v15