General

  • Target

    51b2cfa5d0606a22eaea0cc0d63573a689475fbeb5e6736dd8a189b4563b22cc

  • Size

    3.6MB

  • Sample

    240804-pab67svcqm

  • MD5

    5933e1399ca4b54fc38b834cbd93d1ce

  • SHA1

    82c533665cd4744db245b45748cd0a687f5099a3

  • SHA256

    51b2cfa5d0606a22eaea0cc0d63573a689475fbeb5e6736dd8a189b4563b22cc

  • SHA512

    8005a1986f853f6f958a1a42b972376fbbf9096825e241a12c1e6262cdfac8987140c8e5c0cd2b5d3c3b1495fd86a8e8872da6325896374f58ec6d97d1b64e8c

  • SSDEEP

    49152:1vmtVYqtgIuXnwIBa2v3fc90BkZsnExeIocghqBqQOe0+6/y+wjQg/wpkJzPDOtz:NmltuXn7lv3E9ZNgBeYc7Y0XMavetpdv

Targets

    • Target

      51b2cfa5d0606a22eaea0cc0d63573a689475fbeb5e6736dd8a189b4563b22cc

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
