General

  • Target

    e2739f62ff16130a225758540a9978734a8ca37d003f134ea2b763ccbda7a2c5

  • Size

    3.7MB

  • Sample

    240811-hcydwsyeqq

  • MD5

    f4684c8fce49ce34e698dbd548f4ef60

  • SHA1

    b1f73a31486c7788aeb66fd11796c4b75f335ebf

  • SHA256

    e2739f62ff16130a225758540a9978734a8ca37d003f134ea2b763ccbda7a2c5

  • SHA512

    3f76eda0b120d5bd141bb25d7b78a4a25cc3710277f1bda636b8c2f829cebb98213ae93e95ab1bf06468cd608b872a7e2c421c6adfbe513766eadc71b579fb47

  • SSDEEP

    98304:NsPoi9i/TB+EGsv1f41n3f3oXIywgwptGkTBZhHsyCAkdu7:ziEwEDN41nCIBpNbhHsrAkM

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks