General

  • Target

    920477db829ff70d2a2d48c58854d7429267bd0a114c48fdc4cf13f9c815b394

  • Size

    4.5MB

  • Sample

    240810-2d9m4a1fll

  • MD5

    4701bf711ec2020789ade4b25ee8f2bb

  • SHA1

    e79a678815aef7d6b86b9ea30c69aa9fac637f8b

  • SHA256

    920477db829ff70d2a2d48c58854d7429267bd0a114c48fdc4cf13f9c815b394

  • SHA512

    8adb129a6cd01c1e3f8925cfea323bbe9bcaaa1d52763d1243cf3c16886f8ff6d5b31c00f9c554e0f7a2ca388e8288c38fa6fb3f182eb8ee9121078945a665d0

  • SSDEEP

    98304:NNR38dfEtnSkdKChI/8jVUQ7Q3KEP4iY09ap47/MWRiKC0Ux2X0hndJ:DR38JEtVKD/8ZUQ72KEP4iY0U47tRi9v

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
