General

  • Target

    03dc37425c77d730f1bf559d139e06e8548526c5a68f2eb865f7349cfc4e02ed

  • Size

    4.0MB

  • Sample

    240811-3xkczszcld

  • MD5

    17edde52232e2a177085a54c374f9316

  • SHA1

    58cae2aa8770fb99b80e59858513d1e4cfeab082

  • SHA256

    03dc37425c77d730f1bf559d139e06e8548526c5a68f2eb865f7349cfc4e02ed

  • SHA512

    94a6ac98fec5429e230c4e9de490887df490842bc32e74e66696cd72db9b06182637a82d1170d1edd43f4bd33db71b17871048ea8981524292bd37a2720c98bc

  • SSDEEP

    98304:NjztowQcdjrZtmMx80vQbAW3k/lTkRJ0ZvGNRB+XDoeVMPrXdX:xztfptmMUbA7lCEWvRPrXV

Targets

    • Target

      03dc37425c77d730f1bf559d139e06e8548526c5a68f2eb865f7349cfc4e02ed

    • Size

      4.0MB

    • MD5

      17edde52232e2a177085a54c374f9316

    • SHA1

      58cae2aa8770fb99b80e59858513d1e4cfeab082

    • SHA256

      03dc37425c77d730f1bf559d139e06e8548526c5a68f2eb865f7349cfc4e02ed

    • SHA512

      94a6ac98fec5429e230c4e9de490887df490842bc32e74e66696cd72db9b06182637a82d1170d1edd43f4bd33db71b17871048ea8981524292bd37a2720c98bc

    • SSDEEP

      98304:NjztowQcdjrZtmMx80vQbAW3k/lTkRJ0ZvGNRB+XDoeVMPrXdX:xztfptmMUbA7lCEWvRPrXV

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15