General

  • Target

    cf3990a2ef56e9abdfc1d31bced3f546f19009654a04c4d43e01abec4cef50f9

  • Size

    3.7MB

  • Sample

    240810-gjthvaxhqq

  • MD5

    f77e35ac550a7b77b97b95320444af1f

  • SHA1

    abfbef264bd0cd6d215be3fb815e7877e339b525

  • SHA256

    cf3990a2ef56e9abdfc1d31bced3f546f19009654a04c4d43e01abec4cef50f9

  • SHA512

    7adfd8c4f73a43431d99ca1fedf0b82a58f26ce781e539f3d885fc1c7f547277e891d869b3dc9febfda42bec0fa7339ae8cb5b3ad9d7f353e78ec0e4f0341ad8

  • SSDEEP

    98304:Nd3wrNuO7Yjqj1KNmLHbren101ch1vm534XOdn8G:r3wNrUqLvcFX43iOT

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port was observed going to servers other than the configured DNS servers.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks