General

  • Target

    194cddc81383f5a6cdd2a1ea63cc77d58b276380371caa43dc2f6b5db805c195

  • Size

    4.5MB

  • Sample

    240810-1ct1kstbjh

  • MD5

    2ca0165beea1185ce89a4afa49451f8d

  • SHA1

    ea4a9d016d482d8dca72db8fcc5f000cc19c7e9f

  • SHA256

    194cddc81383f5a6cdd2a1ea63cc77d58b276380371caa43dc2f6b5db805c195

  • SHA512

    47cf343a136ce1ecf09d646362bc7061974ca5d5e8d090f7fb70e7203e515b6048b7af323803975ac68b2a010b1bbca3ce32b5e0e15fc2956e7cb64c74bad7c7

  • SSDEEP

    98304:NR8KFD3QNl8tcjxmJqflylwKg1/kO+QUOjUqTCbfmW+3nNrKtdJ:v820/8tc8qfl6wjt+QUOXTW+3nNmtD
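The digests above are the report's file identifiers; before pivoting on them it is worth confirming a local copy is the same sample and understanding what the SSDEEP value can and cannot tell you. The following is an added example, not part of the report or of the sandbox's own tooling: it hashes a file in one pass with all four algorithms, compares against the values listed above, and parses the SSDEEP signature to check whether two signatures are even comparable (ssdeep only scores pairs whose block sizes are equal or differ by exactly 2x). Only the standard library is used; the test vectors in the usage section are the well-known "abc" digests.

```python
import hashlib
import io

# Hash values copied from the report above.
REPORT_HASHES = {
    "md5": "2ca0165beea1185ce89a4afa49451f8d",
    "sha1": "ea4a9d016d482d8dca72db8fcc5f000cc19c7e9f",
    "sha256": "194cddc81383f5a6cdd2a1ea63cc77d58b276380371caa43dc2f6b5db805c195",
    "sha512": "47cf343a136ce1ecf09d646362bc7061974ca5d5e8d090f7fb70e7203e515b60"
              "48b7af323803975ac68b2a010b1bbca3ce32b5e0e15fc2956e7cb64c74bad7c7",
}
REPORT_SSDEEP = ("98304:NR8KFD3QNl8tcjxmJqflylwKg1/kO+QUOjUqTCbfmW+3nNrKtdJ:"
                 "v820/8tc8qfl6wjt+QUOXTW+3nNmtD")

SUPPORTED = ("md5", "sha1", "sha256", "sha512")


def multi_hash(source, chunk_size=1 << 20):
    """Read bytes or a binary stream once, feeding every chunk to all four
    digests, so a large sample is hashed in a single pass over the file."""
    if isinstance(source, (bytes, bytearray)):
        source = io.BytesIO(source)
    hashers = {name: hashlib.new(name) for name in SUPPORTED}
    for chunk in iter(lambda: source.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_against_report(source, expected):
    """Compare computed digests with the report's values.

    Returns (all_match, mismatches); mismatches maps algorithm name to
    (expected, computed). Only algorithms present in `expected` are checked,
    so a partial IOC set (e.g. SHA256 only) works too."""
    computed = multi_hash(source)
    mismatches = {}
    for name, value in expected.items():
        if name not in computed:
            raise ValueError(f"unsupported hash algorithm: {name}")
        if value.lower() != computed[name]:
            mismatches[name] = (value.lower(), computed[name])
    return not mismatches, mismatches


def parse_ssdeep(sig):
    """Split an ssdeep signature 'blocksize:hash1:hash2'.

    hash1 is computed with the block size, hash2 with twice the block size.
    Block sizes are always 3 * 2**n; that is checked here so a truncated or
    garbled value is rejected instead of silently compared."""
    parts = sig.split(":")
    if len(parts) != 3 or not parts[0].isdigit():
        raise ValueError("malformed ssdeep signature")
    blocksize = int(parts[0])
    base = blocksize // 3
    if blocksize % 3 or base == 0 or base & (base - 1):
        raise ValueError(f"invalid ssdeep block size {blocksize}")
    return blocksize, parts[1], parts[2]


def ssdeep_comparable(sig_a, sig_b):
    """ssdeep only produces a similarity score when the two block sizes are
    equal or differ by exactly a factor of two; any other pair scores 0
    regardless of content, so such a "no match" is not evidence that the
    files differ."""
    ba, _, _ = parse_ssdeep(sig_a)
    bb, _, _ = parse_ssdeep(sig_b)
    return ba == bb or ba == 2 * bb or bb == 2 * ba


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        ok, diff = verify_against_report(fh, REPORT_HASHES)
    print("sample matches report" if ok else f"MISMATCH: {diff}")
```

Run it as `python verify.py <file>` to confirm a local copy is the reported sample. A 4.5MB file with block size 98304 will only ever be scored against signatures with block size 49152, 98304 or 196608, which is why SSDEEP pivots across very differently sized droppers usually come back empty.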

Malware Config

Targets

    • Target

      194cddc81383f5a6cdd2a1ea63cc77d58b276380371caa43dc2f6b5db805c195

    • Size

      4.5MB

    • MD5

      2ca0165beea1185ce89a4afa49451f8d

    • SHA1

      ea4a9d016d482d8dca72db8fcc5f000cc19c7e9f

    • SHA256

      194cddc81383f5a6cdd2a1ea63cc77d58b276380371caa43dc2f6b5db805c195

    • SHA512

      47cf343a136ce1ecf09d646362bc7061974ca5d5e8d090f7fb70e7203e515b6048b7af323803975ac68b2a010b1bbca3ce32b5e0e15fc2956e7cb64c74bad7c7

    • SSDEEP

      98304:NR8KFD3QNl8tcjxmJqflylwKg1/kO+QUOjUqTCbfmW+3nNrKtdJ:v820/8tc8qfl6wjt+QUOXTW+3nNmtD

    • Detect Socks5Systemz Payload

    • Socks5Systemz

Socks5Systemz is a proxy botnet written in C++: infected hosts are enrolled as SOCKS5 proxy nodes that relay traffic for the operators' customers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

Traffic on the DNS port (53) to servers other than the resolvers configured for the analysis VM was detected. This is typical of a hard-coded public resolver used to sidestep sandbox DNS sinkholing, or of a C2 channel hiding on port 53.

    • Checks installed software on the system

Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node counterpart on 64-bit hosts, and the HKCU equivalent) to enumerate software installed on the system, typically for victim profiling or analysis-tool detection.
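The two behavioural signatures above ("Unexpected DNS network traffic destination" and "Checks installed software on the system") are simple enough to reproduce from a sandbox's API and network trace. The following is an added example, not the sandbox's own signature code: it runs both checks over a constructed trace. The event dictionaries, the resolver address 10.0.2.3 and the TEST-NET-3 address 203.0.113.7 standing in for a C2 host are all assumptions made for the example; the one real-world detail is that Uninstall keys appear under several hive prefixes (HKLM, HKCU, HKU\<SID>, the native \REGISTRY\MACHINE form) and under WOW6432Node, so the match is on the path tail rather than a fixed prefix.

```python
import ipaddress
import re

# Match the key path tail so HKLM, HKCU, HKU\<SID>, \REGISTRY\MACHINE\... and
# WOW6432Node variants are all caught, while names that merely start with
# "Uninstall" (e.g. ...\UninstallHelper) are not.
UNINSTALL_RE = re.compile(
    r"\\(WOW6432NODE\\)?MICROSOFT\\WINDOWS\\CURRENTVERSION\\UNINSTALL(\\|$)"
)


def unexpected_dns_destinations(flows, configured_dns):
    """'Unexpected DNS network traffic destination': any flow to port 53 whose
    destination is not one of the resolvers the analysis VM was configured
    with. TCP is included alongside UDP because C2 on port 53 is often TCP."""
    allowed = {ipaddress.ip_address(a) for a in configured_dns}
    return [f for f in flows
            if f["dport"] == 53 and ipaddress.ip_address(f["dst"]) not in allowed]


def uninstall_key_queries(reg_events):
    """'Checks installed software on the system': registry operations whose
    key is, or lies beneath, an Uninstall key."""
    return [ev for ev in reg_events if UNINSTALL_RE.search(ev["key"].upper())]


def triage(flows, reg_events, configured_dns):
    """Summarise both signatures as name -> hit count, mirroring the report."""
    return {
        "Unexpected DNS network traffic destination":
            len(unexpected_dns_destinations(flows, configured_dns)),
        "Checks installed software on the system":
            len(uninstall_key_queries(reg_events)),
    }


# Constructed sample trace (assumption, not data from the report).
SANDBOX_DNS = ["10.0.2.3"]          # the VM's configured resolver
SAMPLE_FLOWS = [
    {"proto": "udp", "src": "10.0.2.15", "dst": "10.0.2.3", "dport": 53},      # normal lookup
    {"proto": "udp", "src": "10.0.2.15", "dst": "8.8.8.8", "dport": 53},       # hard-coded resolver
    {"proto": "tcp", "src": "10.0.2.15", "dst": "203.0.113.7", "dport": 53},   # hypothetical C2 on 53
    {"proto": "tcp", "src": "10.0.2.15", "dst": "203.0.113.7", "dport": 443},  # not DNS port, ignored
]
SAMPLE_REG = [
    {"pid": 1234, "op": "RegOpenKeyExW",
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1234, "op": "RegEnumKeyExW",
     "key": r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"pid": 1234, "op": "RegOpenKeyExW",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},             # persistence, not this signature
    {"pid": 5678, "op": "RegQueryValueExW",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\UninstallHelper"},  # near-miss, must not match
]

if __name__ == "__main__":
    for name, hits in triage(SAMPLE_FLOWS, SAMPLE_REG, SANDBOX_DNS).items():
        print(f"{name}: {hits} hit(s)")
```

The DNS check is only as good as the `configured_dns` list: if the VM is pointed at a public resolver such as 8.8.8.8, traffic to it is legitimate and the second flow above would correctly drop out of the hit list.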

MITRE ATT&CK Enterprise v15

Tasks