General

  • Target: 0222fc9efea5f01d8f72d5c965439343.bin
  • Size: 3.8MB
  • Sample: 240802-bcn2wswdkn
  • MD5: c94a34b0e63e680c20759081588d037f
  • SHA1: ad3cc9f3de137cd4b9e873becf3444afee8cb36e
  • SHA256: 0fc8771ff6d1c8060150491079467877546316512b288b269d7dd03f00f512a2
  • SHA512: 9b354d147285233b932bcd52c137fab9c81813a897e38ed20fa7c50e8cb25f395b4aaaa88decb8760e14fa54da978a0808289f1a9a67f55b92ebfbbd6257fbe4
  • SSDEEP: 98304:+HNuuqM8XPgmOxIfqrBXMq031MVAJGn0MM4fxgD:6hhjKSrJrnVAVOJE

Malware Config

Targets

    • Target: adcde787a75fa1df4c1e1abf54c13cbfaf014f6b910c074bfae4576a900834d2.exe
    • Size: 3.8MB
    • MD5: 0222fc9efea5f01d8f72d5c965439343
    • SHA1: c3fa7d3cf9bb9032ed059cf2136a9d5252fcd6e7
    • SHA256: adcde787a75fa1df4c1e1abf54c13cbfaf014f6b910c074bfae4576a900834d2
    • SHA512: 17d6cefb14bba7d3373679f9eece292d99fdf4948932949d5c6fc011d5cded8cb72971d5dfdceec69059531fb55ad29e1ac891ac71608ecd2c955f8d14863b3c
    • SSDEEP: 98304:NwXPo8NYQr4+mODihX7X+LFzY5Pmg/7oAApCdF9:wqQKO6L+FzAjxApC39

    • Detect Socks5Systemz Payload
    • Socks5Systemz
      Socks5Systemz is a botnet written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Unexpected DNS network traffic destination
      Network traffic on the DNS port to servers other than the configured DNS servers was detected.
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks