General

  • Target

    7c73d59c2d90b17079d969721fd86a9437ca440dfac37aea9b2617c3a96fcde5

  • Size

    3.8MB

  • Sample

    240803-2fmlcaxepr

  • MD5

    e26c76100a089a94c3d1acd93db457cf

  • SHA1

    25fb66bc18362ee0c008e72b909190a3f18e7f34

  • SHA256

    7c73d59c2d90b17079d969721fd86a9437ca440dfac37aea9b2617c3a96fcde5

  • SHA512

    c98c097edb078293201ac2f8ac0dcf11d518d5b500a14437011fefbc4b855073801b66bc1fccded42c34723dedb810d3b46d722cf92a9a1106c37afba8a8a8d4

  • SSDEEP

    49152:1vM6eXNvwBT5/E+bHCofOzDgnK5g56tsNXwmS3oYC9LIrFkf23KbgONkLZidgkT7:NMOlnfmD6FcuyFTcgNodJIK9wPpGcKd3

Malware Config

Targets

    • Target

      7c73d59c2d90b17079d969721fd86a9437ca440dfac37aea9b2617c3a96fcde5

    • Size

      3.8MB

    • MD5

      e26c76100a089a94c3d1acd93db457cf

    • SHA1

      25fb66bc18362ee0c008e72b909190a3f18e7f34

    • SHA256

      7c73d59c2d90b17079d969721fd86a9437ca440dfac37aea9b2617c3a96fcde5

    • SHA512

      c98c097edb078293201ac2f8ac0dcf11d518d5b500a14437011fefbc4b855073801b66bc1fccded42c34723dedb810d3b46d722cf92a9a1106c37afba8a8a8d4

    • SSDEEP

      49152:1vM6eXNvwBT5/E+bHCofOzDgnK5g56tsNXwmS3oYC9LIrFkf23KbgONkLZidgkT7:NMOlnfmD6FcuyFTcgNodJIK9wPpGcKd3

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks