General

  • Target

    e92f66c269ffcad21ede132d07fec9f23304a42985d59d0a2ceb38fd3f7bb54e.exe

  • Size

    4.1MB

  • Sample

    240802-c1ezka1bpr

  • MD5

    83f750533ff1e3c52bd45aad9c51d20d

  • SHA1

    a14e2b4638cfb472d940b1cbb4c477c1136cd87c

  • SHA256

    e92f66c269ffcad21ede132d07fec9f23304a42985d59d0a2ceb38fd3f7bb54e

  • SHA512

    83bbe25af278fdc714b5a8ea9dffef8cb3bf8334a67fec745817cdd4685c1b2ed61ccfbebc95aea69424f5cbbca3224e659a6fc6fe16f9e7206d19acf7370f85

  • SSDEEP

    98304:NLxlEzWQc39s15xwQddxyVDV4N3+JuPdXL4KZdM1db+TweRugcd3:7lEqQc39s1MmdRNTdXsKvxRBct

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks