General

  • Target

    7a773e91c9d42009c4058e4f52c9ffbc138c74a64a27fbb5c05b7600cdfc9900

  • Size

    4.4MB

  • Sample

    240810-tkbqms1bra

  • MD5

    0e1de299d2e576fa5c6ee797c62f8ef0

  • SHA1

    b30ae770b3bf59b7c2809b91c2bb0d64c90a2aa7

  • SHA256

    7a773e91c9d42009c4058e4f52c9ffbc138c74a64a27fbb5c05b7600cdfc9900

  • SHA512

    9cd2ab1adbb358427e95b64343201ea419d7fcf96df8d3bf6f538228a732ee8f33dde9048403988a96c94874abccccc6fbd2c4f3fd842d241914cffb0c959056

  • SSDEEP

    98304:N/TlT0PgNtTuj34XNy5hL9eN/qAWTeQcZawlbNwdZ:dlT0YL834khoqhTakwleP

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks