General

  • Target

    238683778fd97698f4af239018654bbbef1dc192d80fa73c82d3185d9ed8d540

  • Size

    4.2MB

  • Sample

    240811-1mqqxatgpb

  • MD5

    a5ad3ecd27b44ace6331d0f2ef24e82b

  • SHA1

    5886701906bdbb80ddb239bd8a525f60d15d6582

  • SHA256

    238683778fd97698f4af239018654bbbef1dc192d80fa73c82d3185d9ed8d540

  • SHA512

    629cf976574aeb82e7c09e59c162c39ed0bf83954dad585b755e3f1a8864d1122d4539d63a536551047f426a2013636de9bc51f79137a3109c099ecb294b72c3

  • SSDEEP

    98304:NdhBCGKiWTRD9fZLK4jIKAf2aTiEus/U/OdX:bhBCOop9hvjCuaT6sMOV

Malware Config

Targets

    • Target

      238683778fd97698f4af239018654bbbef1dc192d80fa73c82d3185d9ed8d540

    • Size

      4.2MB

    • MD5

      a5ad3ecd27b44ace6331d0f2ef24e82b

    • SHA1

      5886701906bdbb80ddb239bd8a525f60d15d6582

    • SHA256

      238683778fd97698f4af239018654bbbef1dc192d80fa73c82d3185d9ed8d540

    • SHA512

      629cf976574aeb82e7c09e59c162c39ed0bf83954dad585b755e3f1a8864d1122d4539d63a536551047f426a2013636de9bc51f79137a3109c099ecb294b72c3

    • SSDEEP

      98304:NdhBCGKiWTRD9fZLK4jIKAf2aTiEus/U/OdX:bhBCOop9hvjCuaT6sMOV

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks