General

  • Target

    f30239f410673cde2c95008e073d2266296739ccec92c489c03a961a925b2ac8

  • Size

    4.2MB

  • Sample

    240811-yy8dzszfma

  • MD5

    2bad32391d6af7cc5e4c788029477a17

  • SHA1

    5e885a068de6fd262c7e8b13d8858bd066b2bc7c

  • SHA256

    f30239f410673cde2c95008e073d2266296739ccec92c489c03a961a925b2ac8

  • SHA512

    afa64d669cdae3a8f44cf8f1f9faac24ff0e62576f238e49ea3e4d1b4e149feb15fcb90b52efcfc21868c52e843c59253955b5267c4e3204cf8e26069bb2bbce

  • SSDEEP

    98304:Nkr4u1OwGtYwDMUXl3QxK/vylQeulzXUZO4sbSf8z6mA2/vsdX:6r4GOwH8B4K/vx35COa8Os3sV

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks