General

  • Target

    3ed9ea16684c6a6036d2990e00e9335e70877a130d9f9a3ec5d5c794f0df8cf7

  • Size

    4.1MB

  • Sample

    240804-dtxrgavbqq

  • MD5

    914f9e4b8921be693d4bc8ecb6bcec94

  • SHA1

    09d9ed4d8ecf10efd10a4074a0ab0e984c9f620d

  • SHA256

    3ed9ea16684c6a6036d2990e00e9335e70877a130d9f9a3ec5d5c794f0df8cf7

  • SHA512

    a34067548f9d1691034d500e6649a118ea48d929bc32a8df86a600d5170e78e81aac0042dab3e041be823d01f70545a79527a0406ade2619f7a8062f075fad9c

  • SSDEEP

    98304:NOxR7lQPl3rynX+wohV5rPGLgln33fHwjAo1hgITsAd3:4xZlQPtry2hnrPGch3/wjAovWA9

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are enrolled as SOCKS5 proxy nodes that relay traffic for the operators' proxy service.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed to servers other than the DNS resolvers configured on the analysis machine.

    • Checks installed software on the system

      Reads subkeys under the registry Uninstall keys (SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including the WOW6432Node view, under HKLM and HKCU) to enumerate the software installed on the system.
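
The two behavioural signatures above (unexpected DNS destination, installed-software enumeration) can be reproduced offline over a flow summary and a registry-access log. The block below is an added example written for this page, not the sandbox's own signature code; the flow records, registry events and the resolver list (a hypothetical analysis VM configured to use 8.8.8.8 only) are constructed here.

```python
"""Offline re-implementation of two behavioural checks from the report.

Constructed sample data throughout; not the sandbox's own signature code.
"""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Flow:
    proto: str       # "udp" or "tcp"
    dst_ip: str
    dst_port: int


# Assumption: the analysis VM is configured to use a single resolver.
CONFIGURED_DNS = frozenset({"8.8.8.8"})

# Constructed flow records standing in for the sandbox's pcap summary.
SAMPLE_FLOWS = [
    Flow("udp", "8.8.8.8", 53),        # normal lookup via configured resolver
    Flow("udp", "8.8.8.8", 53),
    Flow("udp", "203.0.113.10", 53),   # port 53 to an unrelated host -> flagged
    Flow("tcp", "203.0.113.10", 53),   # same host over TCP/53 -> flagged
    Flow("tcp", "198.51.100.7", 443),  # not the DNS port, ignored by this check
]


def unexpected_dns_destinations(flows, configured_dns=CONFIGURED_DNS):
    """Return distinct (proto, ip) pairs that used port 53 but are not a
    configured resolver. The trigger is the destination port, not the
    payload, so tunnelling or C2 over port 53 fires it just as well."""
    hits = []
    for f in flows:
        if f.dst_port == 53 and f.dst_ip not in configured_dns:
            pair = (f.proto, f.dst_ip)
            if pair not in hits:
                hits.append(pair)
    return hits


# Registry paths under which Windows records installed software; reads of
# subkeys here are what the installed-software signature keys on.
UNINSTALL_KEY_RE = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKLM|HKEY_CURRENT_USER|HKCU)\\SOFTWARE\\"
    r"(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Constructed registry-access events (key path, operation), the two fields a
# Sysmon or Procmon export would provide after trimming.
SAMPLE_REGISTRY_EVENTS = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "QueryValue"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall", "EnumerateKey"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "QueryValue"),
    (r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++", "QueryValue"),
    (r"HKCU\SOFTWARE\Classes\CLSID", "OpenKey"),
]


def enumerated_software_keys(reg_events, min_reads=2):
    """Return the Uninstall-key paths the process touched, or [] if fewer
    than min_reads distinct paths were seen. A single open of the parent key
    is ordinary installer behaviour; walking product subkeys is not."""
    touched = []
    for path, _op in reg_events:
        if UNINSTALL_KEY_RE.match(path) and path not in touched:
            touched.append(path)
    return touched if len(touched) >= min_reads else []


def triggered_signatures(flows, reg_events):
    """Evaluate both checks and name the signatures that fire, in report order."""
    names = []
    if unexpected_dns_destinations(flows):
        names.append("Unexpected DNS network traffic destination")
    if enumerated_software_keys(reg_events):
        names.append("Checks installed software on the system")
    return names


if __name__ == "__main__":
    print(unexpected_dns_destinations(SAMPLE_FLOWS))
    print(enumerated_software_keys(SAMPLE_REGISTRY_EVENTS))
    print(triggered_signatures(SAMPLE_FLOWS, SAMPLE_REGISTRY_EVENTS))
```

The DNS check deliberately matches on port alone, as the report's wording implies; a resolver list taken from the real VM configuration replaces the constant when this is run against actual sandbox output. The registry threshold is a tunable, since legitimate installers also open the parent Uninstall key once.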

MITRE ATT&CK Enterprise v15

Tasks