General

  • Target

    ca15964bb8b10d3e4a27ef007576df57673fb57c11e6f9ddca368158c10a1375

  • Size

    4.2MB

  • Sample

    240812-apdw1s1bjf

  • MD5

    160114a920a57d94e72bec263d148e31

  • SHA1

    f9f5b716c60fc58860b5e277bf45a1e6db1696ed

  • SHA256

    ca15964bb8b10d3e4a27ef007576df57673fb57c11e6f9ddca368158c10a1375

  • SHA512

    4210915d9d982b165a7307a78f29619f68ced17d4b4cc2e2b282c202e46ace59e0882927b9ed54f6543fbc8f78e7b3a62817e18023ba41026998ac00e0cdbf36

  • SSDEEP

    98304:NoS0ynlNKBUU+JDU2nuNt013kszpB2ahv2dX:WCnTRP801nn52V

Malware Config

Targets

    • Target

      ca15964bb8b10d3e4a27ef007576df57673fb57c11e6f9ddca368158c10a1375

    • Size

      4.2MB

    • MD5

      160114a920a57d94e72bec263d148e31

    • SHA1

      f9f5b716c60fc58860b5e277bf45a1e6db1696ed

    • SHA256

      ca15964bb8b10d3e4a27ef007576df57673fb57c11e6f9ddca368158c10a1375

    • SHA512

      4210915d9d982b165a7307a78f29619f68ced17d4b4cc2e2b282c202e46ace59e0882927b9ed54f6543fbc8f78e7b3a62817e18023ba41026998ac00e0cdbf36

    • SSDEEP

      98304:NoS0ynlNKBUU+JDU2nuNt013kszpB2ahv2dX:WCnTRP801nn52V

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxy nodes that are rented out to other operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to hosts other than the DNS servers configured on the analysis machine was detected. This is either the sample using its own hard-coded resolvers or a non-DNS protocol on port 53.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall keys (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and the WOW6432Node and HKCU equivalents) to enumerate the software installed on the system.
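
The two behavioural signatures above, "Unexpected DNS network traffic destination" and "Checks installed software on the system", re-implemented as detection logic over a constructed, sandbox-style event stream. This is an added example and not the sandbox's own rule code; the event format, the process IDs, the resolver address 10.127.0.1 and the TEST-NET address 203.0.113.5 are assumptions made for illustration. It goes slightly beyond the report text by also counting TCP/53, de-duplicating repeated flows and counting how many Uninstall entries each process read.

```python
"""Re-implementation of two sandbox behavioural signatures over constructed events.

Added example, not the sandbox's rule code. Event layout and addresses are
assumptions for illustration only.
"""
import ipaddress
from dataclasses import dataclass

# Assumed resolver(s) configured on the analysis VM.
CONFIGURED_DNS = {"10.127.0.1"}

# Registry roots whose subkeys describe installed software.
UNINSTALL_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)


@dataclass(frozen=True)
class Finding:
    signature: str
    pid: int
    detail: str


def unexpected_dns_destinations(flows, configured=CONFIGURED_DNS):
    """Flag port-53 traffic (UDP or TCP) to any host outside the configured resolver set.

    One finding per (pid, protocol, destination); repeated flows are collapsed.
    """
    allowed = {ipaddress.ip_address(a) for a in configured}
    findings, seen = [], set()
    for f in flows:
        if f["dport"] != 53:
            continue
        dst = ipaddress.ip_address(f["dst"])
        if dst in allowed or dst.is_loopback:
            continue
        key = (f["pid"], f["proto"], str(dst))
        if key in seen:
            continue
        seen.add(key)
        findings.append(Finding("Unexpected DNS network traffic destination", f["pid"],
                                f"{f['proto'].upper()} {f['src']} -> {dst}:53"))
    return findings


def _uninstall_subkey(path):
    """Return the Uninstall entry name a registry path refers to ('' for the root itself), else None."""
    low = path.lower()
    for root in UNINSTALL_KEYS:
        r = root.lower()
        if low == r:
            return ""
        if low.startswith(r + "\\"):
            return path[len(r) + 1:].split("\\", 1)[0]
    return None


def uninstall_key_lookups(reg_events):
    """Flag each process that opens or queries keys under an Uninstall root."""
    per_pid = {}
    for ev in reg_events:
        if ev["op"] not in ("RegOpenKey", "RegQueryValue", "RegEnumKey"):
            continue
        sub = _uninstall_subkey(ev["path"])
        if sub is None:
            continue
        entries = per_pid.setdefault(ev["pid"], set())
        if sub:
            entries.add(sub)
    return [Finding("Checks installed software on the system", pid, f"{len(subs)} Uninstall entries read")
            for pid, subs in sorted(per_pid.items())]


def run_signatures(flows, reg_events):
    return unexpected_dns_destinations(flows) + uninstall_key_lookups(reg_events)


# Constructed sample events (not from the report).
FLOWS = [
    {"pid": 1840, "proto": "udp", "src": "10.127.0.203", "dst": "10.127.0.1", "dport": 53},   # configured resolver
    {"pid": 1840, "proto": "udp", "src": "10.127.0.203", "dst": "203.0.113.5", "dport": 53},  # unexpected
    {"pid": 1840, "proto": "udp", "src": "10.127.0.203", "dst": "203.0.113.5", "dport": 53},  # repeat, collapsed
    {"pid": 1840, "proto": "tcp", "src": "10.127.0.203", "dst": "203.0.113.5", "dport": 53},  # TCP/53 counts too
    {"pid": 1840, "proto": "tcp", "src": "10.127.0.203", "dst": "203.0.113.5", "dport": 443}, # not the DNS port
]
REG_EVENTS = [
    {"pid": 1840, "op": "RegOpenKey", "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1840, "op": "RegOpenKey", "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
    {"pid": 1840, "op": "RegQueryValue", "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName"},
    {"pid": 1840, "op": "RegQueryValue", "path": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},  # unrelated key
    {"pid": 2212, "op": "RegOpenKey", "path": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
]

if __name__ == "__main__":
    for finding in run_signatures(FLOWS, REG_EVENTS):
        print(f"[{finding.signature}] pid={finding.pid}: {finding.detail}")
```

The DNS check cannot distinguish a hard-coded third-party resolver from a C2 channel speaking something else on port 53; when it fires, the payloads of those flows are the next thing to look at. The registry check deliberately matches case-insensitively, since malware and tooling vary the casing of `SOFTWARE`/`Software` in the same path.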

MITRE ATT&CK Enterprise v15

Tasks