General

  • Target

    3a8c9f010a87038a151bcee14aed51d5.bin

  • Size

    7.6MB

  • Sample

    240802-ca533atdjc

  • MD5

    71ce78fe110bcf60906b6bfd8fcbc399

  • SHA1

    d877739ef15633f4865505544479916283fe73c8

  • SHA256

    96b48a9d276d466dbe69b4ff6a04be7d64aa92d96288f9986e5507ad862121c8

  • SHA512

    a89ac3c9d5fdc882df98b5837a27d345f56baf3bbf7513c24a2bcab4868996ba184ecd6e9b202ec2b339ac3822e49d52eda01387ffee5689a3ef58c42646149b

  • SSDEEP

    196608:ZM42uquVqXpi8ZZx5yGzmY9SKKdvhcbZuAlWQ5a1:ZM42upUVZZHvxYw5a1

Malware Config

Targets

    • Target

      258ecd1cb153a2a450ad5404f7c55a7dea44edb54da650ffa1165d7158dee94b.exe

    • Size

      7.6MB

    • MD5

      3a8c9f010a87038a151bcee14aed51d5

    • SHA1

      590e60bd792ead11cbd507c4de8ca9f77a3757a9

    • SHA256

      258ecd1cb153a2a450ad5404f7c55a7dea44edb54da650ffa1165d7158dee94b

    • SHA512

      e8448b043da7d98e22cac29c50725a414226bb75ba7ce8d00866d823155ce86074e3ac83f8bc57bbeced065885d3ba2235cf07a0dc81241bf4d9f19565f3ea83

    • SSDEEP

      196608:L55jmYtQnI3fBS5Bej4a+/0ZjZ+9DsypiKIsV7VV0FGtCKde3IZy5:LOOeBeq/0X+9DWKIsBEFGtCk4I8

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed to servers other than the resolvers configured on the analysis machine. Malware commonly does this either to bypass the local resolver with a hardcoded public one or to use port 53 as a transport for its own protocol.

    • Checks installed software on the system

      Enumerates installed software by reading the per-application subkeys under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node and HKCU equivalents).
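The "unexpected DNS destination" rule above is simple to reproduce against a flow list from the sandbox capture. The script below is an added example and is not part of the original report or of any sandbox product; the resolver addresses and the flow records are constructed for illustration (198.51.100.0/24 is a documentation range).

```python
"""Flag DNS-port traffic to servers other than the configured resolvers.

Added example, not part of the original sandbox report. The resolver
addresses are assumed for the analysis VM and the flow records are
constructed to resemble a sandbox network capture.
"""
from ipaddress import ip_address
from typing import Iterable, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    proto: str  # "udp" or "tcp"
    src: str
    dst: str
    dport: int


# Assumed: the resolvers handed to the analysis VM by DHCP.
CONFIGURED_DNS: Set[str] = {"10.127.0.1", "10.127.0.2"}

# Constructed flows, modelled on what the capture of a sample run might contain.
SAMPLE_FLOWS: List[Flow] = [
    Flow("udp", "10.127.0.55", "10.127.0.1", 53),     # normal lookup via resolver
    Flow("udp", "10.127.0.55", "8.8.8.8", 53),        # hardcoded public resolver
    Flow("tcp", "10.127.0.55", "198.51.100.23", 53),  # port 53 used as a transport
    Flow("tcp", "10.127.0.55", "198.51.100.23", 443), # not the DNS port, ignored
    Flow("udp", "10.127.0.55", "10.127.0.2", 53),     # normal lookup via resolver
]


def unexpected_dns_destinations(
    flows: Iterable[Flow],
    configured: Set[str] = CONFIGURED_DNS,
    dns_port: int = 53,
) -> List[Tuple[str, str]]:
    """Return distinct (proto, dst) pairs on the DNS port that are not configured resolvers.

    Order of first appearance is preserved so the output reads like a timeline.
    """
    configured_ips = {ip_address(a) for a in configured}
    hits: List[Tuple[str, str]] = []
    for flow in flows:
        if flow.dport != dns_port:
            continue
        if ip_address(flow.dst) in configured_ips:
            continue
        key = (flow.proto, flow.dst)
        if key not in hits:
            hits.append(key)
    return hits


if __name__ == "__main__":
    for proto, dst in unexpected_dns_destinations(SAMPLE_FLOWS):
        print(f"unexpected DNS destination: {proto} {dst}:53")
```

The rule only works if the configured resolvers are known exactly; in a sandbox that list comes from the VM's DHCP lease, not from the sample, so a sample that rewrites the adapter's DNS settings still shows up here.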

MITRE ATT&CK Enterprise v15

Tasks