General

  • Target

    2a151d57822c015eeaf052e916975e2c35ff179e06cd46c15f41c7a1b11b0418

  • Size

    3.5MB

  • Sample

    240810-b8gyfszgnp

  • MD5

    e440d1d097b900b0fd59bf067a171364

  • SHA1

    3e4628a4ab372a9711723a6dbecabc34ca140faa

  • SHA256

    2a151d57822c015eeaf052e916975e2c35ff179e06cd46c15f41c7a1b11b0418

  • SHA512

    c64588779545c5be421bd8468d56eeb51d5bffdaec2289ef8ad4562adca7d122f0ce3379b42936eb0b226f9dda9932b4048f59bf2ddd45db9ca293d14aa0f2d3

  • SSDEEP

    98304:NfQQoIPt9uGOD4qL6bmD7xtGcnEWCBn/PsshFfNhhZR0guAds:R/RP3uGOD4cOExznELpj5NzZmgN2

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks