General

  • Target

    7dcbe341459dbb1ae9e37f1b196cad68d45ef1fabe14d1d2e267f4ccc8398f8f

  • Size

    4.1MB

  • Sample

    240812-a99jessbma

  • MD5

    f6cdc03bd96539e1bb0281cae0537cfc

  • SHA1

    522d13270760b7bbea900665c0d8fdc45632bf5a

  • SHA256

    7dcbe341459dbb1ae9e37f1b196cad68d45ef1fabe14d1d2e267f4ccc8398f8f

  • SHA512

    2043019fff3588ff8fac3af9749b234dbe7c51016c98fe2a7c51d862e5b01bea1bff5c3732d35fcc0ddb48239210b60311d7ff5e6e075704b0bf20af314d7cfc

  • SSDEEP

    98304:N0rlP7nTgC3VrAr0ETH2AgjnUlyVJKXx8B7NKnWdX:urN78Gr00UWrVVcuNFV

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks