General

  • Target

    dfc8aa15dd9e27606e2e014144cd3b58dda83c86be7df8af50487ec6fcfcc662

  • Size

    3.8MB

  • Sample

    240811-f6g8na1cnb

  • MD5

    29cbf8f374f4c0f73e452762a441f3ba

  • SHA1

    09b1c07cca00bc366b4c04fbcdcc618adc7f1326

  • SHA256

    dfc8aa15dd9e27606e2e014144cd3b58dda83c86be7df8af50487ec6fcfcc662

  • SHA512

    98819171427e40c3daf80a282975e405243ec2ae0e9b308b4e4773e4ce9f6c8f19ca652dd63d8a2f6651acfc1430189e1cac26ce5316cc3319cafd13d2cd0888

  • SSDEEP

    49152:1v7c6K9KMyjXS5YYOZDg45sXV6G8oaKk2P2nmeYUSUobedhkoHHOo/ureI9QSKNo:NIUhLYj45k5RQyvcLWT9srCUAEdf4

Malware Config

Targets

    • Target

      dfc8aa15dd9e27606e2e014144cd3b58dda83c86be7df8af50487ec6fcfcc662

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks