General

  • Target

    d21791d7fe9efc7b734046f7a80958ca136da5d76dadba1f07fcc0eb14cdcfc3

  • Size

    4.4MB

  • Sample

    240810-v9vqgsthle

  • MD5

    236e26ed883bfd013d7650e46ac9ee4a

  • SHA1

    3d603dfab8c564adcbc0a1f05e962c704154b54a

  • SHA256

    d21791d7fe9efc7b734046f7a80958ca136da5d76dadba1f07fcc0eb14cdcfc3

  • SHA512

    cfc04f5ea4316aa8387265d2ca3fec5cbb6c67f4c1a5e05adb22728e39ce25e42a14e48e0c889dccae7ce9c67ad2cbfcca4ad0540a6cdccdee75dbcb634174b0

  • SSDEEP

    98304:NaTlo3BWc2kHB7RyvrpaYe48T0v93kjNc4+X0EaG4+C9IG65dZ:IlVc2M5IS48GkKYn193GP

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks