General

  • Target

    74e8a9e7ca6dc6b65aaea4ae461060ee7333f7dcf9edb7877b410cf131812bc4

  • Size

    4.2MB

  • Sample

    240804-s777patane

  • MD5

    8e916d8e93058af6d03fa521a7e16891

  • SHA1

    284ef241cb678ce8bfaf307ecb8409b5c621c174

  • SHA256

    74e8a9e7ca6dc6b65aaea4ae461060ee7333f7dcf9edb7877b410cf131812bc4

  • SHA512

    d5cf1d77f9a7700ffc52888ee53f76bea3d1c69d7b5231cfc76b869f1096a15ee812ec548c90d8b56f8b1c737d6b1a86f301fd8cb733344b2adf32c4d85ddef3

  • SSDEEP

    49152:1vthObCf4uqjtsBpkw9niSMRgvNXQkX1GalgPF37VCiNxuNk2gDtXeKtu8NUYsvs:NthsCfUcfnieNLTOP7bxnF70cGdU

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks