General

  • Target

    8be656265664bb7746e3fb51782f92badc53a4aafa58af7539714405c5743384

  • Size

    3.7MB

  • Sample

    240810-q3a1aasamq

  • MD5

    62227fc77d87926b2218e3cb72d6c8a5

  • SHA1

    fc281baddebfdfe4d516040da9436566da19fd2b

  • SHA256

    8be656265664bb7746e3fb51782f92badc53a4aafa58af7539714405c5743384

  • SHA512

    26314546960d61bec04406f8414be89d02197606048a7ae7e7dc50f5e72365c6ce5a023e4585086507ff28c2e0f23cc153cb842e14fe8755d5520cc80f4d1d60

  • SSDEEP

    98304:NZYQlA+vDxMo1A6WaQ24l4Ovv8fzUJbXTFdZ:7Y/uWog2svv8fzUfP

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks