General

  • Target

    8e13e4236f6d114ea5e1653149b184caf9d761a3e964aad0b9149ac401d5a4da

  • Size

    3.8MB

  • Sample

    240811-kr54dssfqr

  • MD5

    b47685aa41c0b826dd6b0ac8a51d073c

  • SHA1

    b3961d843dcc80be6374871697d915d12cb32c00

  • SHA256

    8e13e4236f6d114ea5e1653149b184caf9d761a3e964aad0b9149ac401d5a4da

  • SHA512

    654c293d94fc79c91e1939c75c2c1019b044aafd2c5d8925c8c5282c2ad363c402e74d652427af2b0ca6961a1547045f567fee99e0ea6322feabf8659707f503

  • SSDEEP

    98304:Nm9NOadwPhiGUlS1g8eFvTK9c4t9EGE0UfEjiFFedRR:89OQdOgnctaHEjiFAd

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15