General

  • Target

    a3f384031028eb44d87dfcee700bbcfe2f50f89d0d08a5f7cf866cac719e9e54

  • Size

    3.9MB

  • Sample

    240803-sd9hnaxalk

  • MD5

    20c1411d368aae74bf3f07e49416f8a5

  • SHA1

    2f800d91350c304687977a6997689d99cc81625a

  • SHA256

    a3f384031028eb44d87dfcee700bbcfe2f50f89d0d08a5f7cf866cac719e9e54

  • SHA512

    3656f207ffeda1fdd1557090757eee75bc41aedfaa35f8fb93e1c08e5bc36c232827d81115632049c3b18830ff9b82c1cf0ab121b87ae4b786de5a0efc3dad76

  • SSDEEP

    98304:NZPGQrQ615H8NYHBAe0AQO8y2NCsdVRBcO4qGqMvbWgwhET9BEodU:3z9+YdQO8yHsfcO4riKDW
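The hashes above are the report's indicators for this sample. The following script is an added example (not part of the Tria.ge report) that recomputes the stdlib-supported digests for a local file and compares them with the values listed here; SSDEEP is left out because it needs the third-party ssdeep package. The `REPORT_HASHES` table is copied from the General section; everything else is assumed for illustration.

```python
"""Check a file against the hash IOCs listed in the report above.

Added example (not part of the Tria.ge report). Only the stdlib hashlib
algorithms are covered; the SSDEEP fuzzy hash needs the third-party
`ssdeep` package and is left out.
"""
import hashlib
from pathlib import Path

# Copied from the report's General section.
REPORT_HASHES = {
    "md5": "20c1411d368aae74bf3f07e49416f8a5",
    "sha1": "2f800d91350c304687977a6997689d99cc81625a",
    "sha256": "a3f384031028eb44d87dfcee700bbcfe2f50f89d0d08a5f7cf866cac719e9e54",
    "sha512": "3656f207ffeda1fdd1557090757eee75bc41aedfaa35f8fb93e1c08e5bc36c232827d81115632049c3b18830ff9b82c1cf0ab121b87ae4b786de5a0efc3dad76",
}
ALGORITHMS = tuple(REPORT_HASHES)


def hash_bytes(data):
    """Digest an in-memory buffer with every algorithm in the report."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all digests at once, so a file of any size
    is read exactly once and never loaded fully into memory."""
    digests = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for d in digests.values():
                d.update(chunk)
    return {alg: d.hexdigest() for alg, d in digests.items()}


def verdict(hashes, report=REPORT_HASHES):
    """Compare computed hashes with the report's values.

    'match'    every algorithm agrees: this is the analysed sample.
    'no_match' nothing agrees: a different file.
    'partial'  some agree and some do not, which should not happen for an
               unmodified file: the IOC list was mistyped or its entries
               were taken from different files, so do not trust it as-is.
    """
    agree = [hashes[alg].lower() == report[alg].lower() for alg in ALGORITHMS]
    if all(agree):
        return "match"
    if not any(agree):
        return "no_match"
    return "partial"


if __name__ == "__main__":
    import sys

    # Usage: python check_sample.py <file> [<file> ...]  (script name assumed)
    for arg in sys.argv[1:]:
        h = hash_file(Path(arg))
        print(f"{arg}: {verdict(h)} (sha256={h['sha256']})")
```

The three-way verdict is deliberate: a partial agreement is a signal about the quality of the IOC list you are holding, not about the file, and is worth surfacing separately rather than collapsing into "no match".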

Malware Config

Targets

    • Target

      a3f384031028eb44d87dfcee700bbcfe2f50f89d0d08a5f7cf866cac719e9e54

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxy nodes that are rented out to third parties.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS resolvers was detected, i.e. the sample bypasses the system's DNS settings.

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and its Wow6432Node counterpart on 64-bit systems) to list the software installed on the host; this is a common sandbox and security-product check as well as basic victim profiling.

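The "Unexpected DNS network traffic destination" signature above is a simple network heuristic that can be reproduced outside the sandbox. The script below is an added example, not Tria.ge's own detection code: it runs that check over constructed flow records in a minimal Zeek conn.log-like layout. The resolver addresses (`CONFIGURED_RESOLVERS`) and the destination addresses in `SAMPLE_LOG` are assumed for illustration (RFC 5737 documentation ranges), since the report lists neither.

```python
"""Flag DNS-port traffic to hosts other than the configured resolvers.

Added example, not Tria.ge's own detection code. The log layout, the
resolver addresses and the flow records below are all constructed for
this illustration.
"""
from collections import Counter

# Assumed sandbox/enterprise resolvers (not stated in the report above).
CONFIGURED_RESOLVERS = {"10.0.0.2", "10.0.0.3"}

DNS_PORT = 53

# Constructed flow records: ts, proto, originator, responder, responder port.
SAMPLE_LOG = """\
#fields ts proto orig_h resp_h resp_p
1722600001.10 udp 10.0.0.15 10.0.0.2 53
1722600001.40 udp 10.0.0.15 10.0.0.2 53
1722600002.05 udp 10.0.0.15 198.51.100.7 53
1722600002.30 tcp 10.0.0.15 198.51.100.7 53
1722600003.00 tcp 10.0.0.15 203.0.113.9 443
1722600003.50 udp 10.0.0.15 10.0.0.3 53
"""


def parse_flows(text):
    """Parse whitespace-separated flow records; skip comment and blank lines."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proto, orig_h, resp_h, resp_p = line.split()
        flows.append({
            "ts": float(ts),
            "proto": proto.lower(),
            "src": orig_h,
            "dst": resp_h,
            "dport": int(resp_p),
        })
    return flows


def unexpected_dns_destinations(text, resolvers, extra_allowed=frozenset()):
    """Return flows on the DNS port whose destination is not an allowed resolver.

    Both UDP and TCP 53 are covered. `extra_allowed` lets an analyst tune out
    public resolvers that benign software is known to use; anything else on
    port 53 means the sample is bypassing the system's DNS configuration,
    which is the behaviour the sandbox signature reports.
    """
    allowed = set(resolvers) | set(extra_allowed)
    return [
        f for f in parse_flows(text)
        if f["dport"] == DNS_PORT and f["dst"] not in allowed
    ]


def summarize(flagged):
    """Count flagged flows per (destination, protocol) for a quick IOC list."""
    return Counter((f["dst"], f["proto"]) for f in flagged)


if __name__ == "__main__":
    hits = unexpected_dns_destinations(SAMPLE_LOG, CONFIGURED_RESOLVERS)
    for (dst, proto), n in summarize(hits).items():
        print(f"unexpected DNS destination {dst} over {proto}: {n} flow(s)")
```

Two caveats when using this outside a sandbox: the allowlist must be the resolvers the host is actually configured with (DHCP-assigned ones included), or every client will trip the rule; and the check only sees plain DNS on port 53, so DNS over TLS (853) or DNS over HTTPS (443) to a non-standard resolver needs a separate rule.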
MITRE ATT&CK Enterprise v15