General

  • Target

    2c378a01bc643c91d21f2458b39ebad0dffdf84ddb6c176978e75496f3227a9f

  • Size

    4.1MB

  • Sample

    240803-pdrfasxelb

  • MD5

    7a12fff5493f696b5ac9736bd2e8cd39

  • SHA1

    241caf3bd619998727667bb50f1fdd5b95c952f2

  • SHA256

    2c378a01bc643c91d21f2458b39ebad0dffdf84ddb6c176978e75496f3227a9f

  • SHA512

    2673e5cf1f08a387bf6b26ff15360f7d9931cf0addf02c93bc206b095f9d2db51e11ebaf9ef16303c627b264665a86b91b2374fe5ac7582a108c6a7d8da88fdc

  • SSDEEP

    98304:NQ5D2l9l4iS08HSl0VEnoavYoS0cNVDX6HMSJRN2do:TlPZ8HPE809HMSJRgy
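Before relying on the detections below, an analyst should confirm that the file in hand is the one the report describes. The following Python is an added example, not part of the sandbox report or the sandbox's own code: it embeds the hashes and SSDEEP signature listed above, computes the same digests over a file (or over bytes), compares them, and applies a plausibility check that the SSDEEP block size is consistent with the stated 4.1MB size. The test input `b"abc"` and the helper names are constructed for illustration.

```python
import hashlib

# Values copied from the report above (the report's own indicators).
TARGET = "2c378a01bc643c91d21f2458b39ebad0dffdf84ddb6c176978e75496f3227a9f"
REPORT_HASHES = {
    "md5": "7a12fff5493f696b5ac9736bd2e8cd39",
    "sha1": "241caf3bd619998727667bb50f1fdd5b95c952f2",
    "sha256": "2c378a01bc643c91d21f2458b39ebad0dffdf84ddb6c176978e75496f3227a9f",
    "sha512": "2673e5cf1f08a387bf6b26ff15360f7d9931cf0addf02c93bc206b095f9d2db5"
              "1e11ebaf9ef16303c627b264665a86b91b2374fe5ac7582a108c6a7d8da88fdc",
}
REPORT_SSDEEP = "98304:NQ5D2l9l4iS08HSl0VEnoavYoS0cNVDX6HMSJRN2do:TlPZ8HPE809HMSJRgy"
REPORT_SIZE_BYTES = int(4.1 * 1024 * 1024)  # "4.1MB" as stated, rounded


def digests(data: bytes) -> dict:
    """All four digests of an in-memory buffer, lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str, chunk: int = 1 << 20) -> dict:
    """Same digests over a file on disk, streamed so large samples need no RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify(actual: dict, expected: dict) -> dict:
    """Per-algorithm match result; a digest missing from `actual` counts as a mismatch."""
    return {
        algo: actual.get(algo, "").lower() == digest.lower()
        for algo, digest in expected.items()
    }


def parse_ssdeep(sig: str) -> dict:
    """Split an ssdeep signature 'blocksize:chunk:double_chunk' into its parts."""
    block_size, chunk, double_chunk = sig.split(":", 2)
    return {"block_size": int(block_size), "chunk": chunk, "double_chunk": double_chunk}


def size_consistent_with_ssdeep(size_bytes: int, sig: str) -> bool:
    """Lower-bound plausibility check.

    ssdeep doubles its block size (starting at 3) until block_size * 64 covers the
    input, so the chosen block size bs implies the input was larger than bs * 32
    bytes; later reductions of bs only lower that bound. A file at or below bs * 32
    bytes therefore cannot carry a signature with block size bs (unless bs is the
    minimum, 3).
    """
    bs = parse_ssdeep(sig)["block_size"]
    return bs == 3 or size_bytes > bs * 32


def report_is_self_consistent() -> bool:
    """Sanity-check the report itself: target name is the SHA256, and the SSDEEP
    block size fits the stated size."""
    return (REPORT_HASHES["sha256"] == TARGET
            and size_consistent_with_ssdeep(REPORT_SIZE_BYTES, REPORT_SSDEEP))


if __name__ == "__main__":
    import sys
    path = sys.argv[1]  # path to the sample you believe is this target
    result = verify(digest_file(path), REPORT_HASHES)
    for algo, ok in result.items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it as `python verify_sample.py <file>`; a non-zero exit means at least one digest differs, which usually indicates a repacked or differently-padded copy rather than the exact sample analyzed here. The SSDEEP check is only a coarse bound; comparing fuzzy hashes properly needs the `ssdeep` library, which is not used here to keep the example dependency-free.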

Targets

    • Target

      2c378a01bc643c91d21f2458b39ebad0dffdf84ddb6c176978e75496f3227a9f

    • Size and hashes

      Identical to the General section above (same file).

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxies that relay traffic for the operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the resolvers configured on the analysis host was observed. Malware often hard-codes its own resolver to bypass local DNS policy and logging, so the unexpected destination is worth extracting as an indicator.

    • Checks installed software on the system

      Enumerates the subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node counterpart) to build an inventory of installed software, which commonly serves to fingerprint the victim or to detect security products and analysis tools.
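The two behavioral signatures above ("Unexpected DNS network traffic destination" and "Checks installed software on the system") are simple enough to re-implement over a sandbox's event log, which is useful when you want to apply the same logic to your own telemetry. The Python below is an added example, not the sandbox's signature code: it runs both checks over a constructed, in-line list of network and registry events whose process IDs, image paths, addresses and registry keys are invented for illustration. The configured-resolver set and the threshold of three distinct Uninstall subkeys are assumptions.

```python
from collections import defaultdict

# Constructed sandbox telemetry: one flattened event per dict. PIDs, paths and
# addresses are invented; 10.0.0.2 plays the role of the host's configured resolver.
EVENTS = [
    {"type": "net", "pid": 1234, "image": r"C:\Users\admin\AppData\Local\Temp\dropped.exe",
     "proto": "udp", "dst": "10.0.0.2", "dport": 53},       # expected resolver
    {"type": "net", "pid": 1234, "image": r"C:\Users\admin\AppData\Local\Temp\dropped.exe",
     "proto": "udp", "dst": "8.8.8.8", "dport": 53},        # public resolver, not configured
    {"type": "net", "pid": 1234, "image": r"C:\Users\admin\AppData\Local\Temp\dropped.exe",
     "proto": "tcp", "dst": "203.0.113.7", "dport": 53},    # DNS port to an arbitrary host
    {"type": "net", "pid": 1234, "image": r"C:\Users\admin\AppData\Local\Temp\dropped.exe",
     "proto": "tcp", "dst": "203.0.113.7", "dport": 443},   # not a DNS port; ignored
    {"type": "reg", "pid": 1234, "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA-1}\DisplayName"},
    {"type": "reg", "pid": 1234, "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BBBB-2}\DisplayName"},
    {"type": "reg", "pid": 1234, "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Tool7\Publisher"},
    {"type": "reg", "pid": 5678, "op": "QueryValue",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{AAAA-1}\DisplayName"},
]

CONFIGURED_DNS = {"10.0.0.2"}  # assumption: resolvers set on the analysis VM

UNINSTALL_PREFIXES = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\\",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\",
)


def unexpected_dns_destinations(events, configured_dns, dns_ports=(53,)):
    """Signature 1: traffic on a DNS port whose destination is not a configured resolver.

    Returns (pid, dst, dport) tuples in event order, without de-duplication, so the
    caller can see how chatty the process was.
    """
    hits = []
    for ev in events:
        if ev["type"] != "net" or ev["dport"] not in dns_ports:
            continue
        if ev["dst"] in configured_dns:
            continue
        hits.append((ev["pid"], ev["dst"], ev["dport"]))
    return hits


def uninstall_key_enumeration(events, min_subkeys=3):
    """Signature 2: a process reading several distinct Uninstall\\<product> subkeys.

    Registry paths are compared case-insensitively because Windows keys are.
    Returns {pid: sorted subkey names} for processes meeting the threshold.
    """
    per_pid = defaultdict(set)
    for ev in events:
        if ev["type"] != "reg":
            continue
        key = ev["key"]
        for prefix in UNINSTALL_PREFIXES:
            prefix = prefix.rstrip("\\") + "\\"
            if key.upper().startswith(prefix.upper()):
                product = key[len(prefix):].split("\\", 1)[0]
                per_pid[ev["pid"]].add(product)
                break
    return {pid: sorted(k) for pid, k in per_pid.items() if len(k) >= min_subkeys}


def run_signatures(events, configured_dns):
    """Apply both signatures and report them by the names the sandbox uses."""
    return {
        "Unexpected DNS network traffic destination":
            unexpected_dns_destinations(events, configured_dns),
        "Checks installed software on the system":
            uninstall_key_enumeration(events),
    }


if __name__ == "__main__":
    for name, hits in run_signatures(EVENTS, CONFIGURED_DNS).items():
        print(f"{name}: {hits or 'no hits'}")
```

The DNS check deliberately flags public resolvers such as 8.8.8.8 when they are not the configured ones: the signature's point is deviation from the host's configuration, not reputation of the destination. The registry check keys on the number of distinct product subkeys rather than on any single read, because installers and legitimate inventory tools also touch individual entries; the threshold is where you tune false positives for your own telemetry.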

MITRE ATT&CK Enterprise v15