General

  • Target

    8fd194d74e1189e2b8a4149c44980bfc50af644a36c88e45a433340c519a4635

  • Size

    4.6MB

  • Sample

    240811-cytd6s1bmr

  • MD5

    a43188891d41684a16531786f10801f7

  • SHA1

    c56f82fe02bdfc86424e5d080edfcec8d1890645

  • SHA256

    8fd194d74e1189e2b8a4149c44980bfc50af644a36c88e45a433340c519a4635

  • SHA512

    b0ba3d5818a410f79208a6e63b8ff9df0d0066c5feadcd04248eecec35fbd83fc6365f328a8d31a9f1ac0581453d6ad48a76521f6b0bbaab272f7461691114f3

  • SSDEEP

    98304:NeHfLvCH15LSKvr1TVKNxRETq0lc2rhhYiGoSj3fT/m9JD0zfdJ:0OSKvr1RSRETq2cOzGoS7K9kD

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks