General

  • Target

    21eef1b1329c0c3f3ead40d8473b15d266353bdc3a97bb836ca0902bcd9af3a4

  • Size

    4.2MB

  • Sample

    240804-2ng1tsydrr

  • MD5

    f4b5f00a6405855e9dcb207bc46ebabf

  • SHA1

    bc5833f2878c62eb07e19017d3f18382bc3494f9

  • SHA256

    21eef1b1329c0c3f3ead40d8473b15d266353bdc3a97bb836ca0902bcd9af3a4

  • SHA512

    5e23ae6202aff167571f96450d96defab75d3fec8740b1ac8b34f5c5594d1e53abfd7f12df2765d93c31395cf4488d2b66e7483cdd8b48b9d2d0bad95327ec86

  • SSDEEP

    98304:Ns0NIZPUaOg7OiaRudx+yDM6TIZeYx2Fhu3nj4oHjuNiBNI9Vq/dZ:q0NIZsOOi+LyAUIYJY3puYBNQq/T

Malware Config

Targets

    • Target

      21eef1b1329c0c3f3ead40d8473b15d266353bdc3a97bb836ca0902bcd9af3a4

    • Size

      4.2MB

    • MD5

      f4b5f00a6405855e9dcb207bc46ebabf

    • SHA1

      bc5833f2878c62eb07e19017d3f18382bc3494f9

    • SHA256

      21eef1b1329c0c3f3ead40d8473b15d266353bdc3a97bb836ca0902bcd9af3a4

    • SHA512

      5e23ae6202aff167571f96450d96defab75d3fec8740b1ac8b34f5c5594d1e53abfd7f12df2765d93c31395cf4488d2b66e7483cdd8b48b9d2d0bad95327ec86

    • SSDEEP

      98304:Ns0NIZPUaOg7OiaRudx+yDM6TIZeYx2Fhu3nj4oHjuNiBNI9Vq/dZ:q0NIZsOOi+LyAUIYJY3puYBNQq/T

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks