General

  • Target

    a407028c46b5a0e3b1cfcfa246b2b04d7f83bac352d382e35f19abdeb873f962

  • Size

    3.7MB

  • Sample

    240810-pl9lvaygql

  • MD5

    53cd8604845f63f6d9f5f1e082061469

  • SHA1

    4be35c8715be8f648a84c5314a0e2e2f2578286c

  • SHA256

    a407028c46b5a0e3b1cfcfa246b2b04d7f83bac352d382e35f19abdeb873f962

  • SHA512

    9c6e692a2e38c9f80df3835586b73f217ca51189df40af487ed931d8f616aa9a044d49f32e9882d2cc1de6532948d4fde40e6a63a69a8908655430308343f544

  • SSDEEP

    98304:NfLadKjz/pLSWIRx0eyWOMF1uV4QPc9GdJbXQaQFcdXi:JD5SwYF18EwyhcY

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks