General

  • Target

    6086addd95fb28ecc9bd5aab696a3a3460481752e42cf1fd24fd532c65c5c64e

  • Size

    4.2MB

  • Sample

    240811-xty43stcml

  • MD5

    a1058b2a6e2af0cf76ecf5b1dd6fe33a

  • SHA1

    09c82539a8fb22890d4f7148c578bef505a0b917

  • SHA256

    6086addd95fb28ecc9bd5aab696a3a3460481752e42cf1fd24fd532c65c5c64e

  • SHA512

    cd5e19b5e6506b5a1c376f7d109d28cb13a70e4fba5a0df32f9d9d2654926fd704841a71c2d27c832721c3442cc8b14bc4ad64ef747dd781cc21c64ab4660f84

  • SSDEEP

    98304:NDeP3TRG19W8turG/StKKnOSMmRUxRINvdUPEuwdX:YTI1RtuC/RKOSMmRUxRCmPEuwV

Malware Config

Targets

    • Target

      6086addd95fb28ecc9bd5aab696a3a3460481752e42cf1fd24fd532c65c5c64e

    • Size

      4.2MB

    • MD5

      a1058b2a6e2af0cf76ecf5b1dd6fe33a

    • SHA1

      09c82539a8fb22890d4f7148c578bef505a0b917

    • SHA256

      6086addd95fb28ecc9bd5aab696a3a3460481752e42cf1fd24fd532c65c5c64e

    • SHA512

      cd5e19b5e6506b5a1c376f7d109d28cb13a70e4fba5a0df32f9d9d2654926fd704841a71c2d27c832721c3442cc8b14bc4ad64ef747dd781cc21c64ab4660f84

    • SSDEEP

      98304:NDeP3TRG19W8turG/StKKnOSMmRUxRINvdUPEuwdX:YTI1RtuC/RKOSMmRUxRCmPEuwV

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks