General

  • Target

    0335bf11ab02e3b7da19c2fd21fe4bc9603f3b908614dc99c816867ff00c0400

  • Size

    3.7MB

  • Sample

    240811-hg9ygsygln

  • MD5

    fe7431c10e5cf8a482167cc4fd5786d4

  • SHA1

    823e9fe16d980ebe79a3d88642c2cbb4bfce5c18

  • SHA256

    0335bf11ab02e3b7da19c2fd21fe4bc9603f3b908614dc99c816867ff00c0400

  • SHA512

    a579c53ae8f46c7fde28140a7876c0b37048539739ba8cffea80e3fcd741dbd388c57d8a2be09a179140f3bf85fc7cb82e165e20cfde9060a8b7ee96e824bc56

  • SSDEEP

    98304:N7H3qCve5Mb4hDRTwhRbRmWkDQj4B+LpWEdRR:d3PDUlMHYWp8BAbd

Malware Config

Targets

    • Target

      0335bf11ab02e3b7da19c2fd21fe4bc9603f3b908614dc99c816867ff00c0400

    • Size

      3.7MB

    • MD5

      fe7431c10e5cf8a482167cc4fd5786d4

    • SHA1

      823e9fe16d980ebe79a3d88642c2cbb4bfce5c18

    • SHA256

      0335bf11ab02e3b7da19c2fd21fe4bc9603f3b908614dc99c816867ff00c0400

    • SHA512

      a579c53ae8f46c7fde28140a7876c0b37048539739ba8cffea80e3fcd741dbd388c57d8a2be09a179140f3bf85fc7cb82e165e20cfde9060a8b7ee96e824bc56

    • SSDEEP

      98304:N7H3qCve5Mb4hDRTwhRbRmWkDQj4B+LpWEdRR:d3PDUlMHYWp8BAbd

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
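The "Unexpected DNS network traffic destination" signature above comes down to one check: any flow to port 53 whose destination is not one of the resolvers the sandbox VM was configured with. The script below is an added example, not code from the sandbox or from this report, that runs that check over a constructed, tab-separated connection log. The field layout (timestamp, source, destination, destination port, protocol), the VM address 10.127.0.10, the configured resolver 10.127.0.1 and the destination 203.0.113.7 are all assumptions chosen for the illustration, not values taken from the analysis.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example, not part of the sandbox report. Given the host's configured
DNS servers and a list of connection records (constructed inline below in a
Zeek conn.log-like layout), report every UDP or TCP flow to port 53 whose
destination is not one of the configured resolvers.
"""
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List, Sequence

DNS_PORT = 53


@dataclass(frozen=True)
class Flow:
    ts: float
    src: str
    dst: str
    dst_port: int
    proto: str  # "udp" or "tcp"


def parse_conn_line(line: str) -> Flow:
    """Parse one tab-separated record: ts, src, dst, dst_port, proto."""
    ts, src, dst, dport, proto = line.strip().split("\t")
    return Flow(float(ts), src, dst, int(dport), proto.lower())


def unexpected_dns_destinations(flows: Iterable[Flow],
                                configured_dns: Sequence[str]) -> List[Flow]:
    """Return flows on port 53 whose destination is not a configured resolver."""
    configured = {ip_address(a) for a in configured_dns}
    hits = []
    for f in flows:
        if f.dst_port != DNS_PORT or f.proto not in ("udp", "tcp"):
            continue
        if ip_address(f.dst) not in configured:
            hits.append(f)
    return hits


# Constructed sample, not real capture data (assumed VM 10.127.0.10,
# assumed configured resolver 10.127.0.1, assumed rogue resolver 203.0.113.7).
CONFIGURED_DNS = ["10.127.0.1"]
SAMPLE_CONN_LOG = """\
1723368000.1\t10.127.0.10\t10.127.0.1\t53\tudp
1723368001.4\t10.127.0.10\t203.0.113.7\t53\tudp
1723368002.0\t10.127.0.10\t198.51.100.20\t443\ttcp
1723368003.9\t10.127.0.10\t203.0.113.7\t53\ttcp
"""


def sample_hits() -> List[str]:
    """Run the check over the constructed log; returns "proto/dst" per hit."""
    flows = [parse_conn_line(l) for l in SAMPLE_CONN_LOG.splitlines() if l]
    return [f"{f.proto}/{f.dst}"
            for f in unexpected_dns_destinations(flows, CONFIGURED_DNS)]


if __name__ == "__main__":
    for hit in sample_hits():
        print("unexpected DNS destination:", hit)
```

The first record (to the configured resolver) and the third (port 443) are ignored; only the two port-53 flows to 203.0.113.7 are reported. The same logic applies to a real conn.log once `parse_conn_line` is adjusted to that file's column order.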

MITRE ATT&CK Enterprise v15

Tasks