General

  • Target: ffc2b0891fc6c848aca2afba9894d9ce.bin
  • Size: 4.0MB
  • Sample: 240802-ebxjesvanq
  • MD5: e1879e5d266d4677162e41f643539035
  • SHA1: 9eaaa5535ac858c08538cdc616a012d28663aa9b
  • SHA256: 54de583f863cf728d0fc745920184ab328c865c3fec7b05649e7c2baf9197283
  • SHA512: 6ffb003b7a7eb2eb8b885d17978d373254fc4bd6986cde0bb4e258d81a6e6cbd3d24031d84556b38848218924ffa7f3ce9ac51547c1ca211a63c3cbde1b71191
  • SSDEEP: 98304:SDFTi44wGrmH8SRBu13MVjcoxb4m/sI9yAnCefqbDEgsLhL:iGicS+13Mey8u9ftyXotL

Targets

    • Target: a51b75ef6b4fb020c834b8d1b58c11de532ee6171ea94a645f5986630332de26.exe
    • Size: 4.0MB
    • MD5: ffc2b0891fc6c848aca2afba9894d9ce
    • SHA1: 5afee0c45f59cdd18b24375d3ac3051d9accde66
    • SHA256: a51b75ef6b4fb020c834b8d1b58c11de532ee6171ea94a645f5986630332de26
    • SHA512: c5bc17516bb7737a204e207c2f15d8e5cdedfc6c7e21c1f366cde4791ea34de98f9c7cb318d5ada4987d85668e854dae36c0de56357da11222b7b7041f1be70c
    • SSDEEP: 98304:N3JcHVKkA4tDj+p8VZOHo50XbnY4xBW5/lGxFgg1bMdiH8+07dP/3:fcHVINY2oKnY4rCtXU8+6Zv

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
