General

  • Target

    21724dd23ae0c26710bff2a2e5727fdef8d925cea9721f181073cadd7d0ae2f4

  • Size

    3.9MB

  • Sample

    240811-sfhgysyfmc

  • MD5

    b7c3c5949b3fca7b3e86894e8d0c5244

  • SHA1

    0570909d1e23f2a3a5614c33eb47734e994d1131

  • SHA256

    21724dd23ae0c26710bff2a2e5727fdef8d925cea9721f181073cadd7d0ae2f4

  • SHA512

    a46368a59b12ca38a5d0b312a363c797cfac9bb8898a24c54eeecbf0de860349f8f6f2cfd998541cc9f98633a589e26a3e86d83dbe74901960eb5130bf1d1f89

  • SSDEEP

    98304:NWvfrJ4iXLMckpzQ/OriCJGcLV1tDFxjxcnO351WgJ27rm6oBdh:wjLMPpziOrpZBpx4qbMSbL

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxy nodes that relay traffic for the operators' customers.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the resolvers configured on the analysis host was detected. This typically means the sample queries a hard-coded public resolver directly, or tunnels non-DNS traffic over port 53.

    • Checks installed software on the system

      Reads the per-application subkeys under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate installed software, a common way for malware to fingerprint the host and spot analysis tools or security products.
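
The DNS-destination signature above is easy to reproduce outside the sandbox. The following Python is an added example, not part of this report or of the sandbox's own detection code: it parses flow-log lines, keeps those whose destination port is 53, and flags any whose destination is not one of the resolvers configured on the analysis host. The flow-log line format, the resolver address 10.127.0.1 and the sample flows are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Iterable, List

DNS_PORT = 53

# Hypothetical flow-log line format, constructed for this example (IPv4 only):
#   "<proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <bytes>"
FLOW_RE = re.compile(
    r"^(?P<proto>udp|tcp)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<nbytes>\d+)$"
)


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def parse_flow(line: str) -> Flow:
    """Parse one constructed flow-log line into a Flow record."""
    m = FLOW_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable flow line: {line!r}")
    return Flow(
        proto=m["proto"],
        src=m["src"],
        sport=int(m["sport"]),
        dst=m["dst"],
        dport=int(m["dport"]),
        nbytes=int(m["nbytes"]),
    )


def unexpected_dns_destinations(flows: Iterable[Flow],
                                configured_resolvers: Iterable[str]) -> List[Flow]:
    """Return flows to port 53 whose destination is not a configured resolver.

    Mirrors the sandbox signature: anything on the DNS port that does not go to
    the resolvers the analysis host was configured with is suspicious, whether it
    is a real query to a hard-coded public resolver or non-DNS data on port 53.
    """
    resolvers = {ip_address(r) for r in configured_resolvers}
    return [
        f for f in flows
        if f.dport == DNS_PORT and ip_address(f.dst) not in resolvers
    ]


# Constructed sample data: the analysis VM is configured with 10.127.0.1 as its resolver.
CONFIGURED_RESOLVERS = ["10.127.0.1"]

SAMPLE_FLOW_LINES = [
    "udp 10.127.0.15:52311 -> 10.127.0.1:53 74",       # normal lookup via the configured resolver
    "udp 10.127.0.15:52312 -> 8.8.8.8:53 71",          # direct query to a public resolver: flagged
    "tcp 10.127.0.15:49215 -> 198.51.100.7:53 1420",   # something else tunnelled over port 53: flagged
    "tcp 10.127.0.15:49216 -> 198.51.100.7:443 5120",  # HTTPS, not on the DNS port: ignored
]


def run_sample() -> List[Flow]:
    """Run the check over the constructed sample flows and return the hits."""
    flows = [parse_flow(line) for line in SAMPLE_FLOW_LINES]
    return unexpected_dns_destinations(flows, CONFIGURED_RESOLVERS)


if __name__ == "__main__":
    for hit in run_sample():
        print(f"unexpected DNS destination: {hit.proto} {hit.src}:{hit.sport} "
              f"-> {hit.dst}:{hit.dport} ({hit.nbytes} bytes)")
```

In a real deployment the resolver set should come from the analysis host's actual configuration (for example the DHCP lease or resolv.conf of the VM) rather than a literal, and the flow source would be the sandbox's pcap or conntrack export; the matching logic itself does not change.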

MITRE ATT&CK Enterprise v15