General

  • Target

    b4a7be0c6d5141a404f2944da87990a2dc642fcc7f53ce948c8410543a8f101d

  • Size

    3.6MB

  • Sample

    240810-fer9jszhlg

  • MD5

    e8db868193affe40032caab334eb0221

  • SHA1

    cc4f40471d699d55b2d9198e515320387dd8d6b0

  • SHA256

    b4a7be0c6d5141a404f2944da87990a2dc642fcc7f53ce948c8410543a8f101d

  • SHA512

    43b59d03a0ce5121a8cca96645a2a8241c23dcfba2368e818e9e22931850de226aa2bc70dcf74a0f6ffbb134486d1f819cddbc74d06465e05e8df96dc2dd5350

  • SSDEEP

    98304:Nxx+Lt4vwTkWhmB0t7xZCIn4QCCFTooHF1ZGn4mHN+gHNL7dm:h+LuvwThmBUdTCCFdHFo+gHNnk

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks