General

  • Target: b575d8f293a836da6be4dab7d354f73c011e730c8bc0730dc3d4a2b0517be516
  • Size: 4.4MB
  • Sample: 240810-sz9esazdjh
  • MD5: 629a36d902a04273eb43ecf35fd4fc5d
  • SHA1: 0aa37e5a26818dcbbce318cfcf74ff38785e7691
  • SHA256: b575d8f293a836da6be4dab7d354f73c011e730c8bc0730dc3d4a2b0517be516
  • SHA512: 1f2f107df2fc301bdd32998866a42873c0a160dabe65a00b161f81dad4ae23afd3f3b9691f9139b2120ff60149cc80a3d05367d5cf744c6f84652a10fef0c19c
  • SSDEEP: 98304:NgZXWont9fuXo8lWoN+ANEwz7bNmvueO8M9a3vamdZ:aZ5t9GaoN+A7zNCM4pP

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz
      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination
      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks