General

  • Target

    aaa2cbc31474b55c06be287fedd2e9d0921ae1fb56a5555b9319c9fc7835b6f5

  • Size

    4.6MB

  • Sample

    240810-3jfsmsyaqh

  • MD5

    bbe1278b5b721383225df3370267ba23

  • SHA1

    d57f190870967778a0214bb185b256d90800123a

  • SHA256

    aaa2cbc31474b55c06be287fedd2e9d0921ae1fb56a5555b9319c9fc7835b6f5

  • SHA512

    3ab7c95a0393ef9e809f95c4625de6f1294199beee03ee2a2352eaf75fd1e8d1d2cebc6e954b9299ae7eeb7cbef7385c0b82f7f69a30014fae2f0890d050bd8d

  • SSDEEP

    98304:NAUJSl+JAHkJCl5ypPHKMjX+0bUJmWIfsrXb5QTJAOqsXBWT5odJ:WTlweYpyJ0QoNQX6Az75oD

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the sandbox's configured DNS resolvers. This typically indicates a hard-coded resolver or direct DNS to an attacker-controlled server, which bypasses the sandbox's normal DNS logging; a legitimately hard-coded public resolver would also trigger it.

    • Checks installed software on the system

      Reads the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system, a common profiling step before payload selection or sandbox evasion.

MITRE ATT&CK Enterprise v15
