General

  • Target

    a49eaf6b3e10647f690cca16c6074d24b02c3e5aba61f5e1a7b6243d96628988

  • Size

    4.4MB

  • Sample

    240810-t6p56asbna

  • MD5

    d785028a8fb15bacfea4e84febb76358

  • SHA1

    c4793959c40a68ae67471d3e01b1cabd4c276a09

  • SHA256

    a49eaf6b3e10647f690cca16c6074d24b02c3e5aba61f5e1a7b6243d96628988

  • SHA512

    6c6e3f07a4bdf52ebccef87b6bf12dc2d951d8fca6740d5387855157fe55d13db9c050ca09841b5791756fe971cabd7dea12798d01604c9fc5cd88eb16b17a79

  • SSDEEP

    98304:NaNbTn9cabbwezttWHlzUqxIURefM7wi0kRbdZ:8t9OevWHFyURe+wiPP

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks