General

  • Target

    IkpQaE4MtUvIW5WFsHjc3NdL.exe

  • Size

    4.1MB

  • Sample

    240804-qnslsazhqa

  • MD5

    4cd68c556df71032f3dd455d95ef4453

  • SHA1

    2b8ed48f8ec965f611746cc65ebba1964065f6e8

  • SHA256

    a045aae04ded2c18b1ab1e206c18bf954844afd6b9c6e9efcecc4cc05dae71da

  • SHA512

    a1c6da21dc5bbab999d29f32cb4b44a1eea9ddb8c20481439018f0fe006ee3aa3a8e7c7ab47f72abff88c01b6875582f38db13afb817c81420fcd4255143fd53

  • SSDEEP

    98304:NJWDz1j13W/mqqD8+X+k8fpYK36gPI/Qa3FMpouiedU:GDquo+X+k8hYG6t/Qa3FMpouiey
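
Before relying on this report for a file you hold, confirm it is the same sample: recompute MD5, SHA1, SHA256 and SHA512 in one streaming pass and compare all of them against the indicators above. The script below is an added example, not part of the report or of any sandbox's tooling; the reported digests are copied verbatim from the General section, while SSDEEP is left out because fuzzy hashing needs the third-party ssdeep/ppdeep package rather than the standard library.

```python
import hashlib
import sys

# Exact-match indicators copied from the report's General section.
REPORTED = {
    "md5": "4cd68c556df71032f3dd455d95ef4453",
    "sha1": "2b8ed48f8ec965f611746cc65ebba1964065f6e8",
    "sha256": "a045aae04ded2c18b1ab1e206c18bf954844afd6b9c6e9efcecc4cc05dae71da",
    "sha512": "a1c6da21dc5bbab999d29f32cb4b44a1eea9ddb8c20481439018f0fe006ee3aa"
              "3a8e7c7ab47f72abff88c01b6875582f38db13afb817c81420fcd4255143fd53",
}
ALGORITHMS = tuple(REPORTED)


def digest_stream(chunks):
    """Feed every chunk to all four hashers so a 4 MB sample is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data):
    """Digest an in-memory buffer (handy for extracted payloads and unit tests)."""
    return digest_stream([data])


def digest_file(path, chunk_size=1 << 20):
    """Digest a file on disk without loading it whole into memory."""
    with open(path, "rb") as f:
        return digest_stream(iter(lambda: f.read(chunk_size), b""))


def match_report(observed, reported=REPORTED):
    """Per-algorithm comparison; hex digests are compared case-insensitively."""
    return {
        name: observed.get(name, "").lower() == value.lower()
        for name, value in reported.items()
    }


def is_reported_sample(observed, reported=REPORTED):
    """True only when every reported digest matches; a partial match means
    either a typo in the IOC or a different file and should be investigated."""
    return all(match_report(observed, reported).values())


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-suspected-IkpQaE4MtUvIW5WFsHjc3NdL.exe>
    digests = digest_file(sys.argv[1])
    for name, ok in match_report(digests).items():
        print(f"{name:7s} {digests[name]}  {'MATCH' if ok else 'MISMATCH'}")
    sys.exit(0 if is_reported_sample(digests) else 1)
```

A mismatch on every algorithm simply means a different file; a mismatch on one algorithm with the others agreeing points at a transcription error in the indicator list rather than at the sample.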

Malware Config

Targets

    • Target

      IkpQaE4MtUvIW5WFsHjc3NdL.exe

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxy nodes that relay traffic for the operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the resolvers configured on the sandbox VM. This usually means the sample carries hard-coded resolvers, but port-53 traffic to a host that is not a known resolver can also be DNS-based C2 or tunnelling and deserves a closer look at the payloads.

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the Wow6432Node equivalent) to list the software installed on the system, a common way to fingerprint the host or to spot security products and analysis tools.
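
The "Unexpected DNS network traffic destination" signature above is easy to reproduce against your own capture. The script below is an added example, not code from the report or the sandbox: it parses constructed flow records in a simplified Zeek conn.log-like layout, flags every DNS-port flow whose destination is not one of the resolvers the VM was configured with, and separates the milder case (a hard-coded public resolver) from the one that warrants payload inspection (an unknown host answering on port 53). The configured resolver 10.127.0.1, the flow records and the documentation-range addresses are all assumed values.

```python
import ipaddress
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "ts proto src dst dport")

# Assumed: the resolver(s) the sandbox VM received from DHCP. Adjust per environment.
CONFIGURED_DNS = {"10.127.0.1"}
# Well-known public resolvers; port-53 traffic here usually means a hard-coded resolver.
PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
DNS_PORTS = {53}

# Constructed records ("ts proto src dst dport"), not taken from the report.
# 203.0.113.0/24 is a documentation range, standing in for an unknown host.
SAMPLE_FLOWS = """\
1722780001.10 udp 10.127.0.22 10.127.0.1 53
1722780001.40 udp 10.127.0.22 8.8.8.8 53
1722780002.05 tcp 10.127.0.22 198.51.100.7 443
1722780002.90 udp 10.127.0.22 203.0.113.45 53
1722780003.12 udp 10.127.0.22 203.0.113.45 53
1722780003.50 tcp 10.127.0.22 203.0.113.45 53
"""


def parse_flows(text):
    """Parse whitespace-separated flow lines; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proto, src, dst, dport = line.split()
        ipaddress.ip_address(src)  # raises ValueError on a malformed record
        ipaddress.ip_address(dst)
        flows.append(Flow(float(ts), proto.lower(), src, dst, int(dport)))
    return flows


def classify(flow, configured=CONFIGURED_DNS):
    """None for non-DNS flows, otherwise a label for where the DNS traffic went."""
    if flow.dport not in DNS_PORTS:
        return None
    if flow.dst in configured:
        return "expected"
    if flow.dst in PUBLIC_RESOLVERS:
        return "hardcoded-public-resolver"
    return "unknown-dns-destination"


def unexpected_dns(flows, configured=CONFIGURED_DNS):
    """Return (flow, label) pairs for DNS-port flows not sent to a configured resolver."""
    findings = []
    for flow in flows:
        label = classify(flow, configured)
        if label is not None and label != "expected":
            findings.append((flow, label))
    return findings


def summarize(findings):
    """Count findings per (destination, label) so a repeatedly contacted host stands out."""
    return Counter((flow.dst, label) for flow, label in findings)


if __name__ == "__main__":
    for (dst, label), n in summarize(unexpected_dns(parse_flows(SAMPLE_FLOWS))).items():
        print(f"{n:3d}  {dst:15s}  {label}")
```

Treat "hardcoded-public-resolver" as context rather than a verdict; "unknown-dns-destination" hits, especially over TCP or with repeated contact to the same host, are the ones to carve out of the pcap and decode.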

MITRE ATT&CK Enterprise v15

Tasks