General

  • Target

    020b982738af6f2e599c5a4f5e053e2a55030f78e9ec084f4d45cc52dd60a997

  • Size

    4.0MB

  • Sample

    240811-v56l7azbrr

  • MD5

    424bbbc79bd9fe97e7d90f316d967691

  • SHA1

    5cafa8abaa5caba597cbd6b9f71a2ef246fb50f8

  • SHA256

    020b982738af6f2e599c5a4f5e053e2a55030f78e9ec084f4d45cc52dd60a997

  • SHA512

    883bd3a813b7475157f22196c306996781396143bf46e8f5a73fd056e952f1fe28a071e4198297c0777331c0d0cf4e1562b55888c3bf44daf85c0283ed9417eb

  • SSDEEP

    98304:NjAFRbE99GGbWhcbF9+ZUkXoBbk9FlZ/lFXPaJkDSi8sdX:d4hE9kGShAF9vdm9FlZnP8kmvsV

Malware Config

Targets

    • Target

      020b982738af6f2e599c5a4f5e053e2a55030f78e9ec084f4d45cc52dd60a997

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks