General

  • Target

    eb7ecf4bc50ec08df3319404d829526a4a4354db932d23b67ce6c5d960a9fd84.exe

  • Size

    3.8MB

  • Sample

    240802-c1rclawajc

  • MD5

    be1d586649e768bc45af4757b5700419

  • SHA1

    d1797a8bdc37f635ed97993b41bc5011c22d3fe4

  • SHA256

    eb7ecf4bc50ec08df3319404d829526a4a4354db932d23b67ce6c5d960a9fd84

  • SHA512

    b8fa14e631a865c259ee8973086a41c916b6c52a05d97230f0b6e403b5f9c33578ed597c02f00a05eaed59f01ee671d5827dcfa07cd41cb9ee0ffd57e0dc8be9

  • SSDEEP

    98304:N21MveaG75nuQ3bNQQnLTM5+uW4h9KJd3:A2e90QLNQgTE7Wq9St

Targets

    • Target

      eb7ecf4bc50ec08df3319404d829526a4a4354db932d23b67ce6c5d960a9fd84.exe

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxy nodes that relay traffic for the operators' customers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to a destination other than the sandbox's configured DNS servers was detected. This can indicate a hard-coded resolver or a channel that is tunnelled over port 53 rather than ordinary name resolution.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the HKCU equivalent) to enumerate the software installed on the system, a common check for security products and analysis tooling.
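
The four behavioural signatures above (a dropped EXE being executed, a dropped DLL being loaded, DNS-port traffic to an unexpected destination, and Uninstall-key enumeration) can be expressed as rules over an ordered sandbox event trace. The Python below is an added example written for this page, not the sandbox's own signature engine: the event schema, the configured DNS server 10.0.0.2, the process IDs and every path in the sample trace are constructed for illustration, and the rules only show the matching logic each signature name implies.

```python
"""Toy behavioural-signature evaluator over a constructed sandbox event trace.

Added example for this page; it is not the sandbox vendor's code. The event
schema, the CONFIGURED_DNS set and SAMPLE_EVENTS are all assumptions made up
for illustration.
"""
from dataclasses import dataclass

# Assumption: the sandbox VM's only configured resolver.
CONFIGURED_DNS = {"10.0.0.2"}

# Case-insensitive fragment shared by the HKLM, WOW6432Node and HKCU Uninstall keys.
UNINSTALL_KEY_FRAGMENT = r"\microsoft\windows\currentversion\uninstall"


@dataclass
class Event:
    kind: str        # "file_write" | "process_create" | "image_load" | "net_connect" | "reg_open"
    pid: int         # process that performed the action (constructed)
    path: str = ""   # file path, image path or registry key, depending on kind
    dst: str = ""    # destination IP for net_connect
    port: int = 0    # destination port for net_connect


def evaluate(events):
    """Return the set of signature names that fire for an ordered event list."""
    hits = set()
    dropped = set()  # paths written by a monitored process, lower-cased
    for ev in events:
        p = ev.path.lower()
        if ev.kind == "file_write" and p:
            dropped.add(p)
        elif ev.kind == "process_create" and p in dropped:
            # Only files written earlier in the trace count as "dropped".
            hits.add("Executes dropped EXE")
        elif ev.kind == "image_load" and p in dropped and p.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif ev.kind == "net_connect" and ev.port == 53 and ev.dst not in CONFIGURED_DNS:
            hits.add("Unexpected DNS network traffic destination")
        elif ev.kind == "reg_open" and UNINSTALL_KEY_FRAGMENT in p:
            hits.add("Checks installed software on the system")
    return hits


# Constructed trace: an installer drops a second-stage EXE and a DLL, the
# second stage enumerates installed software and then sends DNS-port traffic
# both to the real resolver and to an unexpected host.
SAMPLE_EVENTS = [
    Event("file_write", 1000, r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"),
    Event("process_create", 1000, r"C:\Users\Admin\AppData\Local\Temp\stage2.exe"),
    Event("file_write", 1200, r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    Event("image_load", 1200, r"C:\Users\Admin\AppData\Local\Temp\helper.dll"),
    Event("reg_open", 1200, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event("net_connect", 1200, dst="10.0.0.2", port=53),      # configured resolver: no hit
    Event("net_connect", 1200, dst="203.0.113.7", port=53),   # not a configured resolver
]


def main():
    for name in sorted(evaluate(SAMPLE_EVENTS)):
        print(name)


if __name__ == "__main__":
    main()
```

The ordering matters: a process launched from a path that is only written later in the trace does not count as a dropped EXE, and a connection to a configured resolver on port 53 is deliberately left silent so that the rule flags only the anomalous destination.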

MITRE ATT&CK Enterprise v15
