General

  • Target

    09898f95032e451238e4936a95cc2b8797418478e558dd4bae1da566ba751bcf

  • Size

    3.8MB

  • Sample

    240805-fne1ks1fmc

  • MD5

    48a8503cdfc8bc40daa6a57b023daaa5

  • SHA1

    b3e57e97d6846c21d14d0a8ff54d9c08fbd8fb33

  • SHA256

    09898f95032e451238e4936a95cc2b8797418478e558dd4bae1da566ba751bcf

  • SHA512

    14d738a6b387cf06dee1c6cb0fcddba92ec7622ec2f460bb1cc2ea3da01b3e2201814c1eeba7fb310c0e47eae5cd1a42ed35c8d3a48e3caaa8231c6a3c2bcdc2

  • SSDEEP

    98304:Nd3olS2xU5S17ss/YvvKoPRkiBN429KIwTlPSGk8QbE3dK:j3Y2GNY/k2K/TlU8QA4

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks