General

  • Target

    d7c2ae69130a6ce561cce4750f4461c55a756b8600f99fd46d575c0f784ecfb7.exe

  • Size

    3.9MB

  • Sample

    240802-cxj44svglc

  • MD5

    d70abd1552bf00a477c52cd07c675f4a

  • SHA1

    63497a5d53f35bec661bfd018ed013283f11bb78

  • SHA256

    d7c2ae69130a6ce561cce4750f4461c55a756b8600f99fd46d575c0f784ecfb7

  • SHA512

    0398350d5ef4b7458a3c7050720049c18f8c487e211f1e5436fb6a23fcf4e9e486c89f03b95c1c8b54f3bce10ab181d86522fe3a98c8673182d908e2a7f5c2f8

  • SSDEEP

    98304:N0vqyMiXkuT9uAQ+iVLIsXBdWfX4RYVJId4:2OiVuAQ57BofX4UGa

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the resolvers the sandbox VM was configured with was detected; a hard-coded resolver or command-and-control traffic hidden on port 53 would look like this.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.

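The two behavioural signatures above, "Unexpected DNS network traffic destination" and "Checks installed software on the system", re-implemented as detection logic over a constructed sandbox trace. This is an added example, not the sandbox's own signature code: the trace record layout, the hooked API names, the configured resolver and the addresses (documentation ranges) are all assumptions made for illustration, not data from this run.

```python
"""Added example (not the sandbox's own code): re-implements two of the
behavioural signatures from the report over a constructed API/network trace.
The record layout, hook names and addresses are assumptions for illustration."""
from dataclasses import dataclass, field
from ipaddress import ip_address
import re

DNS_PORT = 53

# Registry paths that hold per-product uninstall entries: the native key, the
# 32-bit view on 64-bit Windows, and the per-user hive.
UNINSTALL_KEY_RE = re.compile(
    r"^(HKLM|HKCU|HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\(WOW6432Node\\)?"
    r"Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)
# Registry APIs an API-hooking sandbox would see while a sample walks that key.
REG_READ_APIS = {
    "RegOpenKeyExA", "RegOpenKeyExW", "RegEnumKeyExA", "RegEnumKeyExW",
    "RegQueryValueExA", "RegQueryValueExW",
}


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


@dataclass
class ApiCall:
    pid: int
    api: str
    args: dict = field(default_factory=dict)


def unexpected_dns_destinations(flows, configured_dns):
    """Flows on port 53 whose destination is not one of the resolvers the
    sandbox VM was configured with ('Unexpected DNS network traffic
    destination'). Both UDP and TCP count: the signature is about the port."""
    allowed = {ip_address(a) for a in configured_dns}
    return [f for f in flows
            if f.dport == DNS_PORT and ip_address(f.dst) not in allowed]


def installed_software_enumeration(calls):
    """Registry reads under an Uninstall key ('Checks installed software on
    the system')."""
    return [c for c in calls
            if c.api in REG_READ_APIS
            and UNINSTALL_KEY_RE.match(c.args.get("key", ""))]


def evaluate(flows, calls, configured_dns):
    """Return the names of the signatures that fire, in report order."""
    fired = []
    if unexpected_dns_destinations(flows, configured_dns):
        fired.append("Unexpected DNS network traffic destination")
    if installed_software_enumeration(calls):
        fired.append("Checks installed software on the system")
    return fired


# Constructed trace: an assumed VM resolver and a handful of events. Addresses
# are from documentation ranges; none of this is taken from the real run.
CONFIGURED_DNS = ["10.0.0.2"]
SAMPLE_FLOWS = [
    Flow("udp", "10.0.0.15", "10.0.0.2", 53),       # normal lookup via the VM resolver
    Flow("udp", "10.0.0.15", "198.51.100.7", 53),   # hard-coded resolver or C2 on 53
    Flow("tcp", "10.0.0.15", "203.0.113.9", 53),    # same, over TCP
    Flow("tcp", "10.0.0.15", "203.0.113.9", 443),   # not the DNS port, ignored
]
SAMPLE_CALLS = [
    ApiCall(1234, "RegOpenKeyExW",
            {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}),
    ApiCall(1234, "RegEnumKeyExW",
            {"key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
             "index": 0}),
    ApiCall(1234, "RegQueryValueExW",
            {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0000-example}",
             "value": "DisplayName"}),
    ApiCall(1234, "RegOpenKeyExW",
            {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"}),  # different key
    ApiCall(1234, "CreateFileW", {"path": r"C:\Users\Public\x.dll"}),         # not registry
]

if __name__ == "__main__":
    for name in evaluate(SAMPLE_FLOWS, SAMPLE_CALLS, CONFIGURED_DNS):
        print("signature fired:", name)
```

Run as-is it reports both signatures firing on the constructed trace. The DNS check deliberately keys on the destination port rather than on the protocol or on whether the payload parses as DNS, which is why a bot tunnelling C2 over TCP/53 is caught as well as a sample that simply carries its own resolver list; the registry check matches the native, WOW6432Node and per-user Uninstall paths because installers write to whichever applies.
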