Resubmissions

10/08/2024, 22:45

240810-2plqeawepa 10

09/08/2024, 22:04

240809-1y8qvsvgme 10

General

  • Target

    bfea462a7527fc9f2c573fc362bebcfabb0148b7e2521adc106962f9c555b26c

  • Size

    3.5MB

  • Sample

    240810-2plqeawepa

  • MD5

    f4963b9e212361a18b29483845c45e7a

  • SHA1

    78259eab19223e51c013595f1532b2c71e642e20

  • SHA256

    bfea462a7527fc9f2c573fc362bebcfabb0148b7e2521adc106962f9c555b26c

  • SHA512

    5e44489ed3bbf26e46bb1b72c61c74fca6770ef078dfdc1e0b4e662894b853b07b21aceb3f14c9cb5594363a81cc040da72605f14ee3e03a2a073d1fde103650

  • SSDEEP

    98304:NfB9rIRN/3XHGXMcQQnrZABdOpm9XxBClSEYuds:HdMYqQnrCBdbxxAlSEj2

Malware Config

Targets

    • Target

      bfea462a7527fc9f2c573fc362bebcfabb0148b7e2521adc106962f9c555b26c

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the sandbox's configured DNS resolvers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
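The three described signatures above (Uninstall-key enumeration, DNS-port traffic to non-configured resolvers, and external IP lookup over HTTP) are the kind of behavioural checks a sandbox runs over its event log. The following is an added Python example, not part of this report and not the sandbox's own signature engine, that re-implements those three checks over a constructed event log. The event dictionary format, the sandbox resolver address 10.127.0.1, the destination 198.51.100.7 (a TEST-NET-2 documentation address), the registry entries and the list of IP-lookup hosts are all assumptions made for illustration; the report does not say which lookup service the sample contacted.

```python
"""Toy re-implementation of three sandbox behavioural signatures.

Added example for this page; not the sandbox's code. The event format and
all sample data below are constructed for illustration.
"""
import ipaddress
import re

# Constructed sandbox events (assumed schema: one dict per observed event).
SAMPLE_EVENTS = [
    # Registry reads under the Uninstall key, native and WOW6432Node views.
    {"event": "regkey_read", "pid": 4100,
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"},
    {"event": "regkey_read", "pid": 4100,
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++\DisplayVersion"},
    # A registry read that should NOT trigger the software-enumeration signature.
    {"event": "regkey_read", "pid": 4100,
     "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    # DNS to the (assumed) sandbox resolver, then DNS-port traffic elsewhere.
    {"event": "network", "pid": 4100, "proto": "udp", "dst_ip": "10.127.0.1", "dst_port": 53},
    {"event": "network", "pid": 4100, "proto": "udp", "dst_ip": "198.51.100.7", "dst_port": 53},
    {"event": "network", "pid": 4100, "proto": "tcp", "dst_ip": "198.51.100.7", "dst_port": 443},
    # HTTP requests: one to an IP-lookup service, one to an unrelated host.
    {"event": "http_request", "pid": 4100, "method": "GET", "host": "api.ipify.org", "uri": "/"},
    {"event": "http_request", "pid": 4100, "method": "GET", "host": "www.example.com", "uri": "/index.html"},
]

# Matches ...\Microsoft\Windows\CurrentVersion\Uninstall as a path component,
# so both HKLM\SOFTWARE and HKLM\SOFTWARE\WOW6432Node views are covered.
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE
)

# Assumed list of public IP-lookup services; not taken from the report.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ipinfo.io", "icanhazip.com",
    "checkip.amazonaws.com", "ifconfig.me",
}


def checks_installed_software(events):
    """'Checks installed software on the system': registry reads under the Uninstall key."""
    return [e["key"] for e in events
            if e["event"] == "regkey_read" and UNINSTALL_KEY_RE.search(e["key"])]


def unexpected_dns_destinations(events, configured_resolvers):
    """'Unexpected DNS network traffic destination': port-53 traffic to non-configured servers."""
    resolvers = {ipaddress.ip_address(r) for r in configured_resolvers}
    hits = set()
    for e in events:
        if e["event"] != "network" or e["dst_port"] != 53:
            continue
        if ipaddress.ip_address(e["dst_ip"]) not in resolvers:
            hits.add((e["proto"], e["dst_ip"]))
    return sorted(hits)


def external_ip_lookups(events, lookup_hosts=IP_LOOKUP_HOSTS):
    """'Looks up external IP address via web service': HTTP requests to known lookup hosts."""
    return [e["host"] for e in events
            if e["event"] == "http_request" and e["host"].lower() in lookup_hosts]


def run_signatures(events, configured_resolvers=("10.127.0.1",)):
    """Run all three checks; return only the signatures that fired, with their evidence."""
    results = {
        "Checks installed software on the system":
            checks_installed_software(events),
        "Unexpected DNS network traffic destination":
            unexpected_dns_destinations(events, configured_resolvers),
        "Looks up external IP address via web service":
            external_ip_lookups(events),
    }
    return {name: evidence for name, evidence in results.items() if evidence}


if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"    {item}")
```

The DNS check deliberately keys on the destination port rather than on parsed DNS payloads, which is why it also catches raw port-53 traffic to a C2 host; when reusing it, the resolver list must be the one the sandbox actually hands out via DHCP, or every legitimate lookup will fire.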

MITRE ATT&CK Enterprise v15

Tasks