General

  • Target

    f48e42a4f90d5daa4a95940b17db287f.bin

  • Size

    3.8MB

  • Sample

    240802-ebch9avalm

  • MD5

    4db300714cddcd566686ee36d12ad862

  • SHA1

    52835255b5d2920ab68eea3640f00400c46ab81c

  • SHA256

    1e9e35dce94564b129d8a8d89b4cc17507155283196b3ffc1d21ff8f66a91e07

  • SHA512

    fba38a8b3ce1e33cf4866ad3abd667cf74db51079137a022f1d410fb67e5a0ed6241f443d113b8b557e55e055845365f9fc7a17db64ce64426d18e3e3ce02265

  • SSDEEP

    98304:MdfseZg0fax8oDyITGZzLOfIKb+OnsOsFJepYjzAC2dokK5Gtp:MeeZ1fax8NIGzLWNBOUokuUp

Targets

    • Target

      df2a73d62d5706ab059daf98d8e97e682287bd915ec0ca5fd1760171b9869a51.exe

    • Size

      3.8MB

    • MD5

      f48e42a4f90d5daa4a95940b17db287f

    • SHA1

      212767a89a7ee933c4c36225dd7872a852b4a893

    • SHA256

      df2a73d62d5706ab059daf98d8e97e682287bd915ec0ca5fd1760171b9869a51

    • SHA512

      364f7e25543139869c3d42dd01e1ec95dbcd6c48b981c9d83cf220a084232a91922be3b91cf9b0683c06d8fa1dca367bb6463c52cafbfab2e0a71f169e6bc3a6

    • SSDEEP

      98304:NmG+TWVslblJooDlcntFXzJtwFQOh+zhngK/9fEbgdZ:d+zbllliJtwFQoIhnP/9fEbgv

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed going to servers other than the DNS resolvers configured on the analysis system. Malware that resolves names through its own resolver, or tunnels command-and-control over port 53, triggers this behaviour.

    • Checks installed software on the system

      Enumerates the subkeys of the Uninstall registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node view on 64-bit systems) to list the software installed on the system. This is the same key Programs and Features reads, so the lookup is common in both legitimate installers and malware that profiles a host before acting.
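The "Unexpected DNS network traffic destination" behaviour above is a straightforward rule to reproduce over connection records from a sandbox or network sensor. The following Python is an added illustration written for this page, not tooling from the sandbox that produced the report; the flow records and the resolver address 10.0.0.2 are constructed for the example.

```python
"""Flag DNS-port traffic that bypasses the host's configured resolvers.

Added illustration, not code from the sandbox that produced this report.
The flow records and resolver list below are constructed sample data.
"""
from dataclasses import dataclass
from ipaddress import ip_address

DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    proto: str      # "udp" or "tcp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def unexpected_dns_destinations(flows, configured_resolvers):
    """Return client-initiated port-53 flows whose destination is not a configured resolver.

    Both UDP and TCP are checked: DNS falls back to TCP for large answers and
    DNS tunnels frequently use it. Replies coming *from* a resolver carry
    source port 53, not destination port 53, so they are never matched.
    """
    resolvers = {ip_address(r) for r in configured_resolvers}
    hits = []
    for f in flows:
        if f.dst_port != DNS_PORT or f.proto not in ("udp", "tcp"):
            continue
        if ip_address(f.dst_ip) in resolvers:
            continue
        hits.append(f)
    return hits


def summarize(hits):
    """Count flagged flows per (destination, protocol), most frequent first,
    so repeated beaconing to one host stands out from a single stray lookup."""
    counts = {}
    for f in hits:
        key = (f.dst_ip, f.proto)
        counts[key] = counts.get(key, 0) + 1
    return sorted(counts.items(), key=lambda kv: -kv[1])


# Constructed sample: the analysis VM at 10.0.0.15 is configured to use
# 10.0.0.2 as its only DNS server. Addresses 8.8.8.8 and 203.0.113.7 stand in
# for a public resolver and an unknown host respectively.
CONFIGURED_RESOLVERS = ["10.0.0.2"]
SAMPLE_FLOWS = [
    Flow("udp", "10.0.0.15", 51234, "10.0.0.2", 53),      # normal lookup
    Flow("udp", "10.0.0.2", 53, "10.0.0.15", 51234),      # reply from the resolver
    Flow("udp", "10.0.0.15", 51235, "8.8.8.8", 53),       # direct to a public resolver
    Flow("udp", "10.0.0.15", 51236, "203.0.113.7", 53),   # port 53 to an unknown host
    Flow("udp", "10.0.0.15", 51237, "203.0.113.7", 53),
    Flow("tcp", "10.0.0.15", 51238, "203.0.113.7", 53),   # same host over TCP
    Flow("tcp", "10.0.0.15", 51239, "203.0.113.7", 443),  # not DNS, ignored
]

if __name__ == "__main__":
    hits = unexpected_dns_destinations(SAMPLE_FLOWS, CONFIGURED_RESOLVERS)
    for f in hits:
        print(f"{f.proto.upper()} {f.src_ip}:{f.src_port} -> {f.dst_ip}:{f.dst_port}")
    for (dst, proto), n in summarize(hits):
        print(f"{dst} {proto}: {n} flow(s)")
```

The configured-resolver list is the only tuning knob; on a real sensor it should be taken from the DHCP lease or the host's resolver configuration rather than hard-coded, otherwise every lookup on a network that uses a different resolver is flagged.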

MITRE ATT&CK Enterprise v15
