General

  • Target

    54a5a788f5f9943f4734b0cf9e499d6d6cf9c0ba0df3c63a8eec9195431b2926

  • Size

    4.0MB

  • Sample

    240803-at1xcawhmk

  • MD5

    2effdd07d1b96669ea81f699672c5f09

  • SHA1

    bfc86d7a502a0e639816f95951eadd9288094b4d

  • SHA256

    54a5a788f5f9943f4734b0cf9e499d6d6cf9c0ba0df3c63a8eec9195431b2926

  • SHA512

    18c9a3403c53f1278f6919d6d6a193f4c345df1e7ed8ba1808b89c3b9eeec11bb087dc8a8918f415a7f950d11df9845fee1cfd7ea8852fcd2c3c70ca4e97202f

  • SSDEEP

    98304:NPdKgnV4cxmxN0ex4Us4Tdl3ggmghX6nUERRld2KKlitUnidK:NycQf4Us4rrmghKn/loKK1ni4

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks