General

  • Target

    dd844d21e086b8a4ea87dcac65e7f22d6322bafbac59afff5caefd84c0c439f2

  • Size

    3.6MB

  • Sample

    240811-gtmhaaxgrp

  • MD5

    1ca1ff55a8c157cf50fe907aeb719868

  • SHA1

    4519688451ac3de92d55d38cbbce295ac63d6d83

  • SHA256

    dd844d21e086b8a4ea87dcac65e7f22d6322bafbac59afff5caefd84c0c439f2

  • SHA512

    d93eae4423870b1a6194e27ae88b5d5b645c24072e3cf94b24adf05d789697f2676815c3e041d3dc0a4ad74a070f4c11014e40b6d765d3cca8ed99c85b335afc

  • SSDEEP

    98304:N51qztzgRQNmg0xloL2dVYMZdzE2rxWcmGYIdu7:hQzgRd1xpVYMZhtWcmGtM
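Before analysing a downloaded copy of this sample it is worth confirming that the file on disk is the one the report describes. The following Python is an added example, not part of the sandbox report: it computes all four digests in a single pass (the file is several megabytes, so reading it once matters) and compares them with the values published above. The path argument and the `b"hello"` test input are assumptions for illustration.

```python
"""Verify a sample on disk against the digests published in this report.

Added example, not part of the sandbox report. REPORT_DIGESTS are copied
from the General section; the file path is whatever the analyst downloaded.
"""
import hashlib
from typing import Dict, Iterable, Tuple

# Digests exactly as published in the report (hex, lowercase).
REPORT_DIGESTS: Dict[str, str] = {
    "md5": "1ca1ff55a8c157cf50fe907aeb719868",
    "sha1": "4519688451ac3de92d55d38cbbce295ac63d6d83",
    "sha256": "dd844d21e086b8a4ea87dcac65e7f22d6322bafbac59afff5caefd84c0c439f2",
    "sha512": (
        "d93eae4423870b1a6194e27ae88b5d5b645c24072e3cf94b24adf05d789697f2"
        "676815c3e041d3dc0a4ad74a070f4c11014e40b6d765d3cca8ed99c85b335afc"
    ),
}
DEFAULT_ALGORITHMS: Tuple[str, ...] = ("md5", "sha1", "sha256", "sha512")


def digest_stream(chunks: Iterable[bytes], algorithms=DEFAULT_ALGORITHMS) -> Dict[str, str]:
    """Feed every chunk to every requested hash object; one pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes, algorithms=DEFAULT_ALGORITHMS) -> Dict[str, str]:
    """Convenience wrapper for in-memory data (used by the self-check below)."""
    return digest_stream([data], algorithms)


def digest_file(path: str, algorithms=DEFAULT_ALGORITHMS, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Hash a file in 1 MiB chunks so large samples are not loaded into memory."""
    with open(path, "rb") as fh:
        return digest_stream(iter(lambda: fh.read(chunk_size), b""), algorithms)


def compare_digests(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; a missing computed digest counts as a mismatch."""
    return {name: actual.get(name) == expected[name].lower() for name in expected}


def verify_sample(path: str, expected: Dict[str, str] = REPORT_DIGESTS) -> Dict[str, bool]:
    """Compare a file on disk with the published digests, e.g. verify_sample('sample.bin')."""
    return compare_digests(digest_file(path, tuple(expected)), expected)


if __name__ == "__main__":
    import sys
    # Assumption: the analyst passes the downloaded sample's path on the command line.
    for name, ok in verify_sample(sys.argv[1]).items():
        print(f"{name:6s} {'OK' if ok else 'MISMATCH'}")
```

Treat the SHA256 as the canonical identifier (it is also the report's "Target" name); the MD5 and SHA1 are kept only because older threat-intel feeds still key on them, and neither should be relied on alone since collisions for both are practical.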

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxies that relay traffic for the operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to destinations other than the resolvers configured on the analysis machine was observed; resolving through an unexpected server, or using port 53 for non-DNS traffic, is a common way to evade monitoring of the configured resolver.

    • Checks installed software on the system

      Reads the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system, typically to fingerprint the host or to detect analysis tools.
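The "Unexpected DNS network traffic destination" signature above is a simple rule: any flow to a DNS port whose destination is not one of the analysis machine's configured resolvers is suspicious. The Python below is an added example, not the sandbox's own rule, that implements that check over a constructed flow log. The log format, the resolver addresses and the sample flows (which use documentation address ranges) are all assumptions made for illustration.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example; not part of the sandbox report. The log format, resolver
list and sample traffic are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple
import ipaddress

# Assumption: the analysis VM is configured with these two resolvers.
CONFIGURED_RESOLVERS: Set[str] = {"10.0.0.2", "10.0.0.3"}
DNS_PORTS = {53}

# Constructed flow log, one flow per line: "<proto> <src>:<sport> -> <dst>:<dport>".
SAMPLE_FLOW_LOG = """\
udp 10.0.0.50:51234 -> 10.0.0.2:53
udp 10.0.0.50:51235 -> 10.0.0.3:53
tcp 10.0.0.50:49321 -> 203.0.113.10:443
udp 10.0.0.50:51236 -> 198.51.100.77:53
udp 10.0.0.50:51237 -> 198.51.100.77:53
tcp 10.0.0.50:49322 -> 192.0.2.9:53
this line is malformed and must be skipped
"""


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: int


def parse_flow(line: str) -> Optional[Flow]:
    """Parse one log line; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 4 or parts[2] != "->":
        return None
    proto, src_ep, _, dst_ep = parts
    try:
        src, _sport = src_ep.rsplit(":", 1)
        dst, dport = dst_ep.rsplit(":", 1)
        ipaddress.ip_address(src)  # raises ValueError on garbage
        ipaddress.ip_address(dst)
        return Flow(proto.lower(), src, dst, int(dport))
    except ValueError:
        return None


def is_unexpected_dns(flow: Flow, resolvers: Set[str] = CONFIGURED_RESOLVERS) -> bool:
    """True when the flow targets a DNS port but not one of the configured resolvers."""
    return flow.dport in DNS_PORTS and flow.dst not in resolvers


def find_unexpected_dns(lines: Iterable[str],
                        resolvers: Set[str] = CONFIGURED_RESOLVERS) -> List[Tuple[str, str, int]]:
    """Return (proto, dst, flow_count) for every offending destination, sorted."""
    counts: Dict[Tuple[str, str], int] = {}
    for line in lines:
        flow = parse_flow(line)
        if flow is None or not is_unexpected_dns(flow, resolvers):
            continue
        key = (flow.proto, flow.dst)
        counts[key] = counts.get(key, 0) + 1
    return sorted((proto, dst, n) for (proto, dst), n in counts.items())


if __name__ == "__main__":
    for proto, dst, n in find_unexpected_dns(SAMPLE_FLOW_LOG.splitlines()):
        print(f"unexpected DNS-port traffic: {proto} -> {dst} ({n} flows)")
```

On the constructed log this reports 198.51.100.77 (two UDP flows) and 192.0.2.9 (one TCP flow) and ignores the resolver lookups and the HTTPS flow. Two caveats when applying it outside a sandbox: the resolver set must come from the host's actual DNS configuration (a machine using a corporate or DoT resolver will otherwise light up constantly), and the rule says nothing about whether the payload on port 53 is DNS at all, so the flagged flows still need a packet-level look.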
