General

  • Target

    6ae3f8a7781a81bda4930e75e3cbf63e86afbf49ec4e70565b4bdd2aa62457dc

  • Size

    3.8MB

  • Sample

    240810-q8pevsscpq

  • MD5

    efd3b6223dfb1acf19a5bd464d566c73

  • SHA1

    207ad44848def71ed2e09a4349d1d125a44096ed

  • SHA256

    6ae3f8a7781a81bda4930e75e3cbf63e86afbf49ec4e70565b4bdd2aa62457dc

  • SHA512

    e4ff114d0c80570f125151a4ee42dcd54ffbf5f6259dcfb05eb197b80ed545e6a574fa80d37105b64cbdcb98052cc79f7eae6df98d47b06d32d3e78e1b7e9932

  • SSDEEP

    98304:NLITLp6jGVrGRRbhXFt+gnWpwIALSQVMY65ZJDESto9wdZ:Up6jhZXFt+gnFVSQVM5HtG6P

Malware Config

Targets

    • Target

      6ae3f8a7781a81bda4930e75e3cbf63e86afbf49ec4e70565b4bdd2aa62457dc

    • Size

      3.8MB

    • MD5

      efd3b6223dfb1acf19a5bd464d566c73

    • SHA1

      207ad44848def71ed2e09a4349d1d125a44096ed

    • SHA256

      6ae3f8a7781a81bda4930e75e3cbf63e86afbf49ec4e70565b4bdd2aa62457dc

    • SHA512

      e4ff114d0c80570f125151a4ee42dcd54ffbf5f6259dcfb05eb197b80ed545e6a574fa80d37105b64cbdcb98052cc79f7eae6df98d47b06d32d3e78e1b7e9932

    • SSDEEP

      98304:NLITLp6jGVrGRRbhXFt+gnWpwIALSQVMY65ZJDESto9wdZ:Up6jhZXFt+gnFVSQVM5HtG6P

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks