General

  • Target

    8256afe980c3fc907d887a425112c9e39363c037a8a8b6121c6ee5c17b0c41fc.exe

  • Size

    4.0MB

  • Sample

    240802-cgc1vstgja

  • MD5

    b1957cc8e25fd7251e92afd5ea2fe4ef

  • SHA1

    22efca840d8cabdca24a3a9fe343c04e2651f04f

  • SHA256

    8256afe980c3fc907d887a425112c9e39363c037a8a8b6121c6ee5c17b0c41fc

  • SHA512

    9e494e28426a087f7538dac1714cd42733cc5051792564c9505fc16485386a251df23966a3452373dba81d013b6f18536e9eb28ff9ea4e2cb982fb299cc733c5

  • SSDEEP

    49152:1vNLEGLqCivpVSJtU5m3+szv76eXQuHju8UrGTxnNCri6XkKMcH6omqaaGgTjq90:NeEivHYtXnzv79/CHAnNmaoK/eqqd3

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
