General

  • Target

    a9eefef8519d3907438021b5e7af34e163ec5243d29f1774f80985f257f05d22

  • Size

    4.0MB

  • Sample

    240811-t1hh5asape

  • MD5

    7c6117cd4940dfeae5448aa21d90c066

  • SHA1

    7d7c60339332cd8da02203870c8a44a83e355db4

  • SHA256

    a9eefef8519d3907438021b5e7af34e163ec5243d29f1774f80985f257f05d22

  • SHA512

    ba5a71572df9c569e4790792472a49a1ab0172f03fe115c3d7d4667844529cc764a9da25b3f8094d00a9792be3f36962128a8ab78408694734b6385e2d910947

  • SSDEEP

    98304:NkMdBQwV7gN1vcYVVEoZoLpWp9ZqwnQjrmvATS9nudX:eMPgBcYdmtWp9ZqwQjrmYTyuV

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks