General

  • Target

    dd6500c9c92c4f9735594d28da561a757c9fd26b0f6e72a220421e5ff71af251

  • Size

    3.9MB

  • Sample

    240802-h7sf5axdlh

  • MD5

    3fddcd29881dfc93d9649ab36b42c993

  • SHA1

    339b709416e8b4a66c8ab6146fe541302b5cee36

  • SHA256

    dd6500c9c92c4f9735594d28da561a757c9fd26b0f6e72a220421e5ff71af251

  • SHA512

    d8d4ba09332d3145e7f039f669ab9819ec2aad8bf4fb5361307aea86839bf2d1dddbfc842d6358921148509ae8d59b2d859f9179336f469e4bd6cb4ffd4b3f8d

  • SSDEEP

    98304:NsQ64XsUGkFtiWS1NpB6ZIAY7C0xk3oDeSavZQV7vaGXdi:R6FWYRHP7C4ZavxI+GXk

Malware Config

Targets

    • Target

      dd6500c9c92c4f9735594d28da561a757c9fd26b0f6e72a220421e5ff71af251

    • Size

      3.9MB

    • MD5

      3fddcd29881dfc93d9649ab36b42c993

    • SHA1

      339b709416e8b4a66c8ab6146fe541302b5cee36

    • SHA256

      dd6500c9c92c4f9735594d28da561a757c9fd26b0f6e72a220421e5ff71af251

    • SHA512

      d8d4ba09332d3145e7f039f669ab9819ec2aad8bf4fb5361307aea86839bf2d1dddbfc842d6358921148509ae8d59b2d859f9179336f469e4bd6cb4ffd4b3f8d

    • SSDEEP

      98304:NsQ64XsUGkFtiWS1NpB6ZIAY7C0xk3oDeSavZQV7vaGXdi:R6FWYRHP7C4ZavxI+GXk

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks