General

  • Target

    c3c4e83c24b66eb5dd53bce4b13d62da7197e37bb67e4bd39b548f2f788c2c84.exe

  • Size

    3.8MB

  • Sample

    240802-cs4b7avekg

  • MD5

    6c0c9107eb91bf3807a7f7b4e78db284

  • SHA1

    65373ee78444eb17d759d223e7c87c1976458255

  • SHA256

    c3c4e83c24b66eb5dd53bce4b13d62da7197e37bb67e4bd39b548f2f788c2c84

  • SHA512

    531b04b44e219f61d69e0a71e746e47d145f3fe242b9b47f19bba24fbeaeb53e5e079a826bb14b7aa3c944f26978b753d63be8c968a7f0e36a851a693a638f9c

  • SSDEEP

    98304:Nt3GdnqS0ZcefciekVW1/mtvhGljcuEh7Rh5Cnh04ABd/4OMXNdP/3:byqS0ZceUKWNmtvhwchRz4A3AJ9Zv

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks