General

  • Target

    6802bcc0bba9c2887713f5137ff4ad89.bin

  • Size

    3.9MB

  • Sample

    240802-cjy14szbjn

  • MD5

    dd31d98c143f00b3960e227dc9f853f7

  • SHA1

    b0c59f9832d6afd5abbe21edd724bf1921ed4556

  • SHA256

    7069602b7ee97b8b8a7e9e31622ffbaf92c8338fb02cc2c7ef2722c982f14ed8

  • SHA512

    f0eb199485f495b1de558032e6eea715037b0d242bc6af5833c0c1bd7647a3156d4991e4e97d0902be5172ba154e0553d6e6d31408717e59ebfdb9c319225d6f

  • SSDEEP

    98304:M2q1+hbuCjgF9Kp5whUYNvK4aqXNyeLqqR6NYsnwTZw:M2gk9pp5whJvK4HdyF2Tm

Malware Config

Targets

    • Target

      9016f29156d47c3b546d2c3591462cadeda43202e6b3a313b1977ca17bc8f244.exe

    • Size

      3.9MB

    • MD5

      6802bcc0bba9c2887713f5137ff4ad89

    • SHA1

      91f670d8b27cd8a5f32700c58fec2a1b35942f1e

    • SHA256

      9016f29156d47c3b546d2c3591462cadeda43202e6b3a313b1977ca17bc8f244

    • SHA512

      33e78b895e0b97da7aac9bca10602223700f206e4804bfd5059cf27ba754ebb35bba9804522f17133887a11d71ea698720d53cf6dd45b86e5af95da3ddbf5948

    • SSDEEP

      98304:NaBJgAuUDsCnPQ9OX4HheEo6XC4BgC5twFrHDwmliqN3PDiuTdZ:6TuUAqQ9Qjj6H15UHV5Tv

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
