General

  • Target

    8c1941f5d3657404e1e111edcb4e409f80cdcda08f3e28ab170ae2b32a2a901e

  • Size

    3.7MB

  • Sample

    240811-fk1swawcqn

  • MD5

    a6dd4369ae0699f41266c1bb521706d8

  • SHA1

    9d94dffb0c850f071475a52cd1f9575698b971a1

  • SHA256

    8c1941f5d3657404e1e111edcb4e409f80cdcda08f3e28ab170ae2b32a2a901e

  • SHA512

    ad5bd5b49344e96d1928d18542233419c6e5446e50648987f2c5191c0b9879c0ea5eaaa404a7cb17b582b5664ac92ea3445fd29fb8debe54eaaacbe7c2e25edc

  • SSDEEP

    98304:NzgKErVIqUIWBfbg8d9vIOqFkViIukwidf4:pgKEhdUIWBfXskruhid4

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks