General

  • Target

    84e56844319b73a8cecc032ee5a2bc6e36a8b831ac485a26c5583c4bd04de852

  • Size

    4.0MB

  • Sample

    240811-w984jsscjk

  • MD5

    26e919b215eeba54937627f17ec4e60e

  • SHA1

    390cb27ee29d9814bbd33100895790dfe248750e

  • SHA256

    84e56844319b73a8cecc032ee5a2bc6e36a8b831ac485a26c5583c4bd04de852

  • SHA512

    2a29be14349f85ffbcbf5f778d541dcfe7ab467006e16c07d8212df0e68e83df40210f1fa5856fd4ad6bbd5f13198e3c723a650c1c6c85c8c35feacce5fdae70

  • SSDEEP

    98304:NeagVB9uCJHOacJA05PNfjWsHTXKfSYG2q4EY85TIELOifdX:M7rtuTAUNf62Kf5GokTIJcV

Malware Config

Targets

    • Target

      84e56844319b73a8cecc032ee5a2bc6e36a8b831ac485a26c5583c4bd04de852

    • Size

      4.0MB

    • MD5

      26e919b215eeba54937627f17ec4e60e

    • SHA1

      390cb27ee29d9814bbd33100895790dfe248750e

    • SHA256

      84e56844319b73a8cecc032ee5a2bc6e36a8b831ac485a26c5583c4bd04de852

    • SHA512

      2a29be14349f85ffbcbf5f778d541dcfe7ab467006e16c07d8212df0e68e83df40210f1fa5856fd4ad6bbd5f13198e3c723a650c1c6c85c8c35feacce5fdae70

    • SSDEEP

      98304:NeagVB9uCJHOacJA05PNfjWsHTXKfSYG2q4EY85TIELOifdX:M7rtuTAUNf62Kf5GokTIJcV

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the DNS servers configured on the host was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
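The "Unexpected DNS network traffic destination" signature above, written out as detection logic. This is an added example, not the sandbox's own rule and not code from the sample; the flow records, the resolver address 10.0.2.3 and the public-resolver list are constructed assumptions. Port-53 traffic that skips the host's configured resolver matters in a sandbox because DNS interception and sinkholing usually hang off that resolver, so a sample with a hard-coded resolver (or a C2 server listening on 53) slips past it.

```python
"""Flag port-53 traffic whose destination is not one of the configured DNS
servers.  Added example; flows and resolver addresses are constructed."""
import ipaddress
from dataclasses import dataclass

DNS_PORT = 53

# Assumption: the resolver the analysis VM was configured with.
CONFIGURED_RESOLVERS = {"10.0.2.3"}

# Well-known public resolvers, used only to label findings during triage.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}


@dataclass(frozen=True)
class Flow:
    proto: str   # "udp" or "tcp"
    src: str
    dst: str
    dport: int


# Constructed sample flows, not taken from the report.
SAMPLE_FLOWS = [
    Flow("udp", "10.0.2.15", "10.0.2.3", 53),      # lookup via the configured resolver
    Flow("udp", "10.0.2.15", "8.8.8.8", 53),       # hard-coded public resolver
    Flow("tcp", "10.0.2.15", "203.0.113.7", 53),   # unknown host reached on the DNS port
    Flow("tcp", "10.0.2.15", "203.0.113.7", 443),  # not on port 53, ignored here
]


def unexpected_dns_destinations(flows, resolvers=CONFIGURED_RESOLVERS):
    """Return the port-53 flows whose destination is not a configured resolver."""
    allowed = {ipaddress.ip_address(r) for r in resolvers}
    return [f for f in flows
            if f.dport == DNS_PORT
            and ipaddress.ip_address(f.dst) not in allowed]


def triage(flows, resolvers=CONFIGURED_RESOLVERS):
    """Label each unexpected destination: a known public resolver (the sample
    bypasses the sandbox resolver) or an arbitrary host on port 53 (a server
    that may not speak DNS at all)."""
    findings = []
    for f in unexpected_dns_destinations(flows, resolvers):
        if f.dst in KNOWN_PUBLIC_RESOLVERS:
            label = "public-resolver-bypass"
        else:
            label = f"non-resolver-{f.proto}-53"
        findings.append((f.dst, label))
    return findings


if __name__ == "__main__":
    for dst, label in triage(SAMPLE_FLOWS):
        print(f"{label:24s} {dst}")
```

The second category is the one worth pivoting on first: a TCP session to a host that is not a resolver, on port 53, is more often a C2 or proxy listener than DNS, and the sample's other indicators (dropped EXE and DLL) should be checked against that destination.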
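The "Checks installed software on the system" signature, turned into host-side detection logic. This is an added example, not the sandbox's own rule and not code from the sample. It assumes SACL auditing is enabled on the Uninstall keys so that reads surface as Security event 4663 (object access) with the key path in ObjectName; the audit records, process names and the GUID-style subkey below are constructed.

```python
"""Flag processes that enumerate the registry Uninstall keys.  Added example;
the 4663-style records are constructed, not real telemetry."""
from collections import defaultdict

# Both the native and the WOW6432Node Uninstall roots.
UNINSTALL_ROOTS = (
    r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
)

SETUP = r"C:\Users\user\AppData\Local\Temp\setup.exe"   # assumed dropped EXE path
EXPLORER = r"C:\Windows\explorer.exe"
SVCHOST = r"C:\Windows\System32\svchost.exe"


def _event(process, object_type, object_name):
    return {"EventID": 4663, "ProcessName": process,
            "ObjectType": object_type, "ObjectName": object_name}


# Constructed sample events, not from the report.
SAMPLE_EVENTS = [
    _event(SETUP, "Key", UNINSTALL_ROOTS[0]),                        # enumerates the root
    _event(SETUP, "Key", UNINSTALL_ROOTS[0] + r"\7-Zip"),
    _event(SETUP, "Key", UNINSTALL_ROOTS[0] + r"\Google Chrome"),
    _event(SETUP, "Key", UNINSTALL_ROOTS[1] + r"\{DEADBEEF-0000-0000-0000-000000000000}"),
    _event(SETUP, "File", r"C:\Users\user\AppData\Local\Temp\payload.dll"),  # not a key
    _event(EXPLORER, "Key", UNINSTALL_ROOTS[0] + r"\Google Chrome"),  # one lookup is normal
    _event(SVCHOST, "Key", r"\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def uninstall_subkeys_by_process(events, roots=UNINSTALL_ROOTS):
    """Map each process to the set of distinct Uninstall subkeys it touched.
    Access to the root key itself is recorded as '<root>'."""
    seen = defaultdict(set)
    for e in events:
        if e.get("EventID") != 4663 or e.get("ObjectType") != "Key":
            continue
        name = e.get("ObjectName", "")
        upper = name.upper()
        for root in roots:
            ru = root.upper()
            if upper == ru or upper.startswith(ru + "\\"):
                rel = name[len(root):].lstrip("\\")
                seen[e["ProcessName"]].add(rel.split("\\")[0] or "<root>")
                break
    return seen


def flag_enumerators(events, threshold=3):
    """Processes that touched at least `threshold` distinct Uninstall entries;
    a single lookup (an installer checking for one product) stays below it."""
    by_proc = uninstall_subkeys_by_process(events)
    return sorted(p for p, keys in by_proc.items() if len(keys) >= threshold)


if __name__ == "__main__":
    for proc in flag_enumerators(SAMPLE_EVENTS):
        print("software enumeration by", proc)
```

The threshold is the tuning knob: legitimate installers read one or two entries to detect a prior install, while a loader fingerprinting the host walks the whole hive, so the count of distinct subkeys separates the two better than any single key name.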

MITRE ATT&CK Enterprise v15

Tasks