General

  • Target

    b1ea1d1933c6349c8959127a9472776dfcc6d22e190d7fdb1444ea173ae32c74

  • Size

    4.3MB

  • Sample

    240803-hmnbns1ama

  • MD5

    eb064d78c65b6dd682478ca516390799

  • SHA1

    ab168d9cfcea721f72afff092840da0ba57bf900

  • SHA256

    b1ea1d1933c6349c8959127a9472776dfcc6d22e190d7fdb1444ea173ae32c74

  • SHA512

    3385d03fa33ee7b077149cab4e0f2d645c02844e1524b3ad38958c4fb007315c585875795d4044a61066701228db4ca24a9f0a8ea52cd4773b70c2dd1906842b

  • SSDEEP

    98304:NdoPzzz3W4mpLywF3S9qrivIeOGsSm5bx/3ydo:kPLm4k4qrivIeOR5bdiy

Malware Config

Targets

    • Target

      b1ea1d1933c6349c8959127a9472776dfcc6d22e190d7fdb1444ea173ae32c74

    • Size

      4.3MB

    • MD5

      eb064d78c65b6dd682478ca516390799

    • SHA1

      ab168d9cfcea721f72afff092840da0ba57bf900

    • SHA256

      b1ea1d1933c6349c8959127a9472776dfcc6d22e190d7fdb1444ea173ae32c74

    • SHA512

      3385d03fa33ee7b077149cab4e0f2d645c02844e1524b3ad38958c4fb007315c585875795d4044a61066701228db4ca24a9f0a8ea52cd4773b70c2dd1906842b

    • SSDEEP

      98304:NdoPzzz3W4mpLywF3S9qrivIeOGsSm5bx/3ydo:kPLm4k4qrivIeOR5bdiy

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53/udp or 53/tcp) was sent to servers other than the DNS resolvers configured on the analysis machine.

    • Checks installed software on the system

      Reads the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart and the per-user HKCU copy) to enumerate the software installed on the system.
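The "Unexpected DNS network traffic destination" signature above is a simple allow-list check: anything on port 53 whose destination is not one of the resolvers the host is configured to use. The following Python is an added example of that check run over constructed data; it is not code from the sandbox or from the sample. The flow log format, the resolv.conf text and all IP addresses (10.0.2.3 as the resolver, 198.51.100.23 and 203.0.113.9 as remote hosts) are assumptions made up for the demonstration.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example; the flow records and resolver configuration below are
constructed for illustration and are not taken from the sandbox report.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, Iterable, List, Set

DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    ts: str
    proto: str      # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


# Constructed flow log, one record per line:
# "<ts> <proto> <src>:<sport> -> <dst>:<dport> <bytes>"
SAMPLE_FLOWS = """\
2024-08-03T12:00:01Z udp 10.0.2.15:49152 -> 10.0.2.3:53 64
2024-08-03T12:00:02Z udp 10.0.2.15:49153 -> 10.0.2.3:53 71
2024-08-03T12:00:05Z udp 10.0.2.15:49160 -> 198.51.100.23:53 92
2024-08-03T12:00:05Z tcp 10.0.2.15:49161 -> 198.51.100.23:53 1480
2024-08-03T12:00:07Z tcp 10.0.2.15:49170 -> 203.0.113.9:443 5120
"""

# Constructed resolver configuration of the analysis VM (resolv.conf style).
SAMPLE_RESOLV_CONF = """\
# generated by the sandbox network setup
nameserver 10.0.2.3
search localdomain
"""


def resolvers_from_resolv_conf(text: str) -> Set[str]:
    """Collect the 'nameserver' entries from resolv.conf-style text."""
    resolvers: Set[str] = set()
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            resolvers.add(parts[1])
    return resolvers


def parse_flows(text: str) -> List[Flow]:
    """Parse the constructed flow log format into Flow records."""
    flows: List[Flow] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proto, src, _arrow, dst, nbytes = line.split()
        sip, sport = src.rsplit(":", 1)
        dip, dport = dst.rsplit(":", 1)
        flows.append(Flow(ts, proto.lower(), sip, int(sport), dip, int(dport), int(nbytes)))
    return flows


def unexpected_dns_flows(flows: Iterable[Flow], resolvers: Set[str]) -> List[Flow]:
    """Return flows to port 53 whose destination is not a configured resolver.

    Both UDP and TCP are checked: TCP/53 to an unknown host carrying more
    than a typical query is worth a closer look, since it may only be
    borrowing the DNS port.
    """
    allowed = {ip_address(r) for r in resolvers}
    return [
        f for f in flows
        if f.dport == DNS_PORT
        and f.proto in ("udp", "tcp")
        and ip_address(f.dst) not in allowed
    ]


def unexpected_dns_summary(flows: Iterable[Flow], resolvers: Set[str]) -> Dict[str, int]:
    """Count flagged flows per unexpected destination, for triage."""
    return dict(Counter(f.dst for f in unexpected_dns_flows(flows, resolvers)))


if __name__ == "__main__":
    resolvers = resolvers_from_resolv_conf(SAMPLE_RESOLV_CONF)
    for flow in unexpected_dns_flows(parse_flows(SAMPLE_FLOWS), resolvers):
        print(f"{flow.ts} {flow.proto}/{flow.dport} {flow.src} -> {flow.dst} ({flow.nbytes} bytes)")
```

On a real analysis host, take the resolver list from the host itself (`/etc/resolv.conf`, or the equivalent DNS client configuration on Windows) rather than hard-coding it, otherwise a sandbox that hands out a different resolver per run will produce false positives.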

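The "Checks installed software on the system" signature fires on registry reads under the Uninstall keys. The Python below is an added example, not code from the sandbox or the sample, showing how the same behaviour can be spotted in a Process Monitor CSV export: it counts, per process, how many distinct Uninstall subkeys were opened, enumerated or queried and flags processes that touch more than a handful. The CSV rows, process names, PIDs and the threshold of three subkeys are constructed assumptions for the demonstration.

```python
"""Spot installed-software enumeration via Uninstall registry keys.

Added example over a constructed Process Monitor CSV export; nothing here
is taken from the sandbox report.
"""
import csv
import io
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Matches the Uninstall key under HKLM, HKCU and WOW6432Node alike and
# captures the first subkey component (one entry per installed program).
UNINSTALL_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\(?P<subkey>[^\\]+))?",
    re.IGNORECASE,
)
# Process Monitor registry read operations we care about.
REG_READ_OPS = {"RegOpenKey", "RegEnumKey", "RegQueryKey", "RegQueryValue", "RegEnumValue"}
# RegEnumKey reports the enumerated child in the Detail column.
ENUM_NAME_RE = re.compile(r"Name: (?P<name>.+)$")

# Constructed Process Monitor CSV export (raw string: the paths contain
# backslashes that must not be treated as escapes).
PROCMON_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"12:00:01.1234567 PM","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"12:00:01.1300000 PM","sample.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"12:00:01.1400000 PM","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 12, Data: 7-Zip"
"12:00:01.1500000 PM","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216020FF}\DisplayName","SUCCESS","Type: REG_SZ, Length: 34, Data: Java 8 Update 301"
"12:00:01.1600000 PM","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome\DisplayName","SUCCESS","Type: REG_SZ, Length: 28, Data: Google Chrome"
"12:00:01.1700000 PM","sample.exe","4120","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Discord\DisplayName","SUCCESS","Type: REG_SZ, Length: 16, Data: Discord"
"12:00:01.1800000 PM","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive","NAME NOT FOUND","Length: 144"
"12:00:02.0000000 PM","explorer.exe","1588","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayIcon","SUCCESS","Type: REG_SZ, Length: 64, Data: C:\Program Files\7-Zip\7zFM.exe"
'''


def uninstall_key_activity(csv_text: str) -> Dict[Tuple[str, str], Set[str]]:
    """Map (process name, PID) to the set of Uninstall subkeys it read."""
    per_proc: Dict[Tuple[str, str], Set[str]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in REG_READ_OPS:
            continue
        match = UNINSTALL_RE.search(row["Path"])
        if not match:
            continue
        key = (row["Process Name"], row["PID"])
        subkey = match.group("subkey")
        if subkey is None and row["Operation"] == "RegEnumKey":
            # Enumerating the parent key: the child name is in Detail.
            enum = ENUM_NAME_RE.search(row["Detail"])
            subkey = enum.group("name") if enum else None
        per_proc[key]  # record the process even if only the root key was opened
        if subkey is not None:
            per_proc[key].add(subkey)
    return dict(per_proc)


def flag_software_enumeration(csv_text: str, min_subkeys: int = 3) -> List[Tuple[str, str, int]]:
    """Processes that read at least `min_subkeys` distinct Uninstall entries."""
    flagged = [
        (name, pid, len(subkeys))
        for (name, pid), subkeys in uninstall_key_activity(csv_text).items()
        if len(subkeys) >= min_subkeys
    ]
    return sorted(flagged, key=lambda item: item[2], reverse=True)


if __name__ == "__main__":
    for name, pid, count in flag_software_enumeration(PROCMON_CSV):
        print(f"{name} (PID {pid}) read {count} Uninstall entries")
```

Installers, uninstallers and Explorer's own "Apps & features" view legitimately walk these keys, so in production the threshold and an allow-list of known good images need to come from a baseline of the environment rather than from a single sandbox run.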
MITRE ATT&CK Enterprise v15

Tasks