General

  • Target

    88b1de75ca505a47864ac4934da81a5f3dd850188c272085c96c598bd17a378a

  • Size

    4.7MB

  • Sample

    240811-azh9gswfqn

  • MD5

    57ebe88416d90b8d2aa472e5f717cb73

  • SHA1

    8b3f37c002b6379248cb9007d9e38abf04f6d4f9

  • SHA256

    88b1de75ca505a47864ac4934da81a5f3dd850188c272085c96c598bd17a378a

  • SHA512

    9b64524eb3218285ccb8df39919fd2cb8d04c9e8c1e26a04baa7fdc60323b8eedc50eada26428cda327d01c43fa998d3c24305544632cf615fcc68f5130eced5

  • SSDEEP

    98304:NlxB7sEAH8zTDotR7bpqj2PHx4hk8x4Gv3WrmU2dJ:9B78H8zgRnpqaPRS4wWrm7D
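Before pivoting on the hashes above, confirm that the file you are holding is the one the sandbox analysed. The script below is an added example for this page, not the sandbox's own code: it recomputes the four digests from the General section in a single streaming pass and reports which fields disagree. The script name and the sample path in the usage line are placeholders; the SSDEEP value is left out because fuzzy hashing is not in the Python standard library (use the `ssdeep` tool for that one).

```python
"""Confirm that a file on disk is the sample this report describes by recomputing
the digests in the General section.  Added example for this page, not the sandbox's
code; the script name and file path in the usage line are placeholders."""
import hashlib
import io

# Digests and size exactly as listed in the report's General section.
REPORTED = {
    "md5": "57ebe88416d90b8d2aa472e5f717cb73",
    "sha1": "8b3f37c002b6379248cb9007d9e38abf04f6d4f9",
    "sha256": "88b1de75ca505a47864ac4934da81a5f3dd850188c272085c96c598bd17a378a",
    "sha512": "9b64524eb3218285ccb8df39919fd2cb8d04c9e8c1e26a04baa7fdc60323b8eedc50eada26428cda327d01c43fa998d3c24305544632cf615fcc68f5130eced5",
}
REPORTED_SIZE_MB = 4.7   # the report rounds to one decimal and does not say MB or MiB

CHUNK = 1 << 20          # hash in 1 MiB pieces so large samples are not read into memory


def digests(stream):
    """One pass over a binary stream, feeding every chunk to all four hashes."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    size = 0
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digests_of_bytes(data):
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return digests(io.BytesIO(data))


def digests_of_file(path):
    with open(path, "rb") as f:
        return digests(f)


def mismatches(actual, expected=REPORTED, size_mb=REPORTED_SIZE_MB):
    """Names of the fields that disagree with the report; empty if the file matches.
    The size is accepted if it rounds to the reported figure in either MB or MiB."""
    bad = [name for name in expected if actual[name].lower() != expected[name].lower()]
    rounded = {round(actual["size"] / 1_000_000, 1), round(actual["size"] / (1 << 20), 1)}
    if size_mb not in rounded:
        bad.append("size")
    return bad


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>   (placeholder script name)
    problems = mismatches(digests_of_file(sys.argv[1]))
    print("match" if not problems else "MISMATCH: " + ", ".join(problems))
```

Treat the SHA256 as the identifier; MD5 and SHA1 are only there for cross-referencing other vendors' reports, and a file that matches on SHA256 but differs on size has been truncated or padded.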

Malware Config

Targets

    • Target

      88b1de75ca505a47864ac4934da81a5f3dd850188c272085c96c598bd17a378a

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxy nodes that relay traffic for the operators' customers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53, UDP or TCP) was sent to a host other than the analysis VM's configured DNS servers. This usually means the sample resolves names through a resolver it chose itself, or talks to a C2 on port 53 to blend in with lookups; inspect the actual flows before treating every hit as DNS.

    • Checks installed software on the system

      Opens and enumerates subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and the WOW6432Node and HKCU equivalents) to build a list of installed applications, a technique used for victim profiling and for spotting analysis tools and security products.
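The two behavioural signatures above (unexpected DNS destination, installed-software check) are easy to re-create as offline checks over sandbox telemetry. The block below is an added example for this page, not the sandbox's own rule code: it runs both checks over constructed flow and registry-event records and returns signature hits keyed by PID. The configured-resolver set, the record layouts, the PIDs and the key paths are all assumptions made for the example.

```python
"""Two of the report's behavioural signatures re-implemented as offline checks over
constructed sandbox events.  Added example for this page, not the sandbox's own rule
code; the resolver set, record layouts, PIDs and key paths are assumptions."""
import ipaddress
import re

UNEXPECTED_DNS_SIG = "Unexpected DNS network traffic destination"
CHECKS_SOFTWARE_SIG = "Checks installed software on the system"

# Resolvers the analysis VM is configured to use (assumed for this example).  If the
# VM itself uses public resolvers, a sample hard-coding the same ones will not fire.
CONFIGURED_DNS = {"8.8.8.8", "1.1.1.1"}

# Uninstall keys whose enumeration is the "checks installed software" behaviour:
# HKLM or HKCU, optionally under WOW6432Node, and anything beneath the key.
UNINSTALL_KEY_RE = re.compile(
    r"^(?:HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER)\\SOFTWARE\\"
    r"(?:WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)",
    re.IGNORECASE,
)

# Constructed network flows: (pid, protocol, destination ip, destination port).
FLOWS = [
    (4120, "udp", "8.8.8.8", 53),          # normal lookup via a configured resolver
    (4120, "tcp", "203.0.113.7", 443),     # HTTPS, not on the DNS port
    (4120, "udp", "198.51.100.20", 53),    # port 53 to a host that is not a resolver
    (4120, "tcp", "198.51.100.20", 53),    # same host again over TCP
    (1812, "udp", "1.1.1.1", 53),          # unrelated process, configured resolver
]

# Constructed registry events: (pid, operation, key path).
REG_EVENTS = [
    (4120, "RegOpenKey",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (4120, "RegEnumKey",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{00000000-0000-0000-0000-000000000001}"),
    (4120, "RegQueryValue", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName"),
    (1812, "RegOpenKey",    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def unexpected_dns_destinations(flows, configured=CONFIGURED_DNS):
    """Unique (pid, dst) pairs for DNS-port traffic to hosts that are not configured resolvers."""
    hits = set()
    for pid, proto, dst, port in flows:
        if port != 53 or proto not in ("udp", "tcp"):
            continue
        addr = ipaddress.ip_address(dst)
        # A local stub resolver on loopback is not an external destination.
        if addr.is_loopback or dst in configured:
            continue
        hits.add((pid, dst))
    return sorted(hits)


def uninstall_key_enumerators(events):
    """PIDs that opened, enumerated or read values under an Uninstall key."""
    return sorted({
        pid for pid, op, key in events
        if op in ("RegOpenKey", "RegEnumKey", "RegQueryValue") and UNINSTALL_KEY_RE.match(key)
    })


def run_signatures(flows, events):
    """(signature name, pid) pairs, in the same spirit as the report's signature list."""
    hits = {(UNEXPECTED_DNS_SIG, pid) for pid, _ in unexpected_dns_destinations(flows)}
    hits |= {(CHECKS_SOFTWARE_SIG, pid) for pid in uninstall_key_enumerators(events)}
    return sorted(hits)


if __name__ == "__main__":
    for sig, pid in run_signatures(FLOWS, REG_EVENTS):
        print(f"{sig}  (pid {pid})")
```

Both checks deliberately key on the process so that a hit from the dropped EXE can be told apart from background noise in the VM; when adapting this to real PCAP or Procmon output, the only parts that change are the two record parsers.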

MITRE ATT&CK Enterprise v15

Tasks