General

  • Target

    be67ff9d54abe82de493fdb9f2e49b4037e8c2aa11cd46bc805270573f61872c

  • Size

    3.7MB

  • Sample

    240811-h4jptazfnr

  • MD5

    7df87cdce523d073c7714b86cee76868

  • SHA1

    6f2346ef05d4fe379995160807b209fc2cac1319

  • SHA256

    be67ff9d54abe82de493fdb9f2e49b4037e8c2aa11cd46bc805270573f61872c

  • SHA512

    99d695ccd05fb9dd7c856507dd698992365447500cbff6a910c40637a87df9dc29cb3b815443522204d683632cbff531a859ec409a841fcfe3d09b65813c9ee8

  • SSDEEP

    98304:NvljcRWLNU+EFm1antJQblLj40S3GpiexdRR:FlTWBXtJQIK5d

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
