General

  • Target

    dca3f56cf0b4f47a18c393912e1c6b8f3385d9363d2665313c469bf04507ccd6

  • Size

    3.8MB

  • Sample

    240803-zyb68azdmd

  • MD5

    854c16c0179eeb25eb02a7d3cb0bae27

  • SHA1

    c2ce1cc0c521dc9b3a455e69e2edcc137d94308d

  • SHA256

    dca3f56cf0b4f47a18c393912e1c6b8f3385d9363d2665313c469bf04507ccd6

  • SHA512

    859d9b6e2f1ae528f31420652d893806b4f0dfdf0c9343aef769ff2914554d9aedc9544f15c2f83d1b495a418eb3791ce18a91e1152896d5c75463a8ff05f999

  • SSDEEP

    98304:NhHiQnKLWygfG71ZBs6nOqWL1GjerqZxQpWlfA287Nyd3:LiNKe7BDOqWJGjp/5A24y9

Malware Config

Targets

    • Target

      dca3f56cf0b4f47a18c393912e1c6b8f3385d9363d2665313c469bf04507ccd6

    • Size

      3.8MB

    • MD5

      854c16c0179eeb25eb02a7d3cb0bae27

    • SHA1

      c2ce1cc0c521dc9b3a455e69e2edcc137d94308d

    • SHA256

      dca3f56cf0b4f47a18c393912e1c6b8f3385d9363d2665313c469bf04507ccd6

    • SHA512

      859d9b6e2f1ae528f31420652d893806b4f0dfdf0c9343aef769ff2914554d9aedc9544f15c2f83d1b495a418eb3791ce18a91e1152896d5c75463a8ff05f999

    • SSDEEP

      98304:NhHiQnKLWygfG71ZBs6nOqWL1GjerqZxQpWlfA287Nyd3:LiNKe7BDOqWJGjp/5A24y9

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks