General

  • Target

    2edaa2ce0e4cfcf4ef6ddc3eb842d09390350b2f98241cdd33d5ab9642b1e674

  • Size

    3.8MB

  • Sample

    240810-g4p16ayfll

  • MD5

    1f3c6e482e2884b6c68564088abeeb13

  • SHA1

    78761209fec01934aeba106c129d76fb59146cf6

  • SHA256

    2edaa2ce0e4cfcf4ef6ddc3eb842d09390350b2f98241cdd33d5ab9642b1e674

  • SHA512

    2c72c364a5957dc28c076fa79c0f52a0a7ef55eaf2fbd3318e7bb2c9c65dce0d973c83743ac83d83602b41eaf01e721d5977dc64c81ef4046ccb57bcfdcf5b5d

  • SSDEEP

    98304:Nj+UTuX+UWqbI2w0uzbcHJI6wGpejsQutXWkfxNgNdXi:5+jX+UWSuQJIbd4W4gNY

Malware Config

Targets

    • Target

      2edaa2ce0e4cfcf4ef6ddc3eb842d09390350b2f98241cdd33d5ab9642b1e674

    • Size

      3.8MB

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the system's configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
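The "Unexpected DNS network traffic destination" signature above reduces to a simple rule: any flow to port 53 whose destination is not one of the resolvers configured on the analysis host is suspicious. The following is an added example of that check, not code from the sandbox or from the Socks5Systemz sample; the resolver list and the flow records are constructed for illustration, and it deliberately looks only at port 53 (DNS over TLS on 853, mDNS on 5353 and LLMNR on 5355 are out of scope).

```python
"""Flag DNS-port traffic that bypasses the host's configured resolvers.

Added example (not part of the report). CONFIGURED_DNS and SAMPLE_FLOWS
are constructed values, not data captured from the analysed sample.
"""
from ipaddress import ip_address

# Hypothetical resolver configuration of the analysis VM.
CONFIGURED_DNS = frozenset({"8.8.8.8", "8.8.4.4"})

# Constructed flow records: (protocol, source IP, destination IP, destination port).
# 198.51.100.0/24 and 203.0.113.0/24 are documentation ranges (RFC 5737).
SAMPLE_FLOWS = [
    ("udp", "10.0.0.5", "8.8.8.8", 53),        # configured resolver: fine
    ("udp", "10.0.0.5", "198.51.100.23", 53),  # port 53 to an unknown server
    ("tcp", "10.0.0.5", "198.51.100.23", 53),  # same server, DNS over TCP
    ("tcp", "10.0.0.5", "203.0.113.9", 443),   # not the DNS port: ignored
    ("udp", "10.0.0.5", "8.8.4.4", 53),        # configured resolver: fine
]

DNS_PORT = 53


def unexpected_dns_destinations(flows, configured=CONFIGURED_DNS):
    """Return the flows on port 53 whose destination is not a configured resolver.

    Addresses are parsed with ipaddress so that IPv4/IPv6 textual variants
    compare by value rather than by string.
    """
    configured_addrs = {ip_address(a) for a in configured}
    hits = []
    for proto, src, dst, dport in flows:
        if dport != DNS_PORT:
            continue  # the signature only covers the DNS port
        if ip_address(dst) in configured_addrs:
            continue  # traffic to a resolver the system is supposed to use
        hits.append((proto, src, dst, dport))
    return hits


def summarize(flows, configured=CONFIGURED_DNS):
    """Count the unexpected DNS-port flows and list their distinct destinations."""
    hits = unexpected_dns_destinations(flows, configured)
    return {
        "count": len(hits),
        "destinations": sorted({dst for _, _, dst, _ in hits}),
    }


if __name__ == "__main__":
    for hit in unexpected_dns_destinations(SAMPLE_FLOWS):
        print("unexpected DNS destination:", hit)
    print(summarize(SAMPLE_FLOWS))
```

Run against the constructed flows it reports the two port-53 flows to 198.51.100.23 and ignores the HTTPS flow. In practice, feed it the sandbox's pcap or flow export and the resolver addresses from the VM's network configuration; a hit here is how a proxy bot that carries its own resolver list, or that tunnels command-and-control traffic over port 53, shows up.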

MITRE ATT&CK Enterprise v15

Tasks