General

  • Target

    a98e71b42f28968b226e9ff6acd9410a5efd676d13795c1a701ec0050f448550

  • Size

    4.3MB

  • Sample

    240812-ck3qpazhjn

  • MD5

    2f84ce46eb0df74097ddd87558a2d6e3

  • SHA1

    81f4149aebd7bff4bf7ebe74bdc5f6c8f68ed9f6

  • SHA256

    a98e71b42f28968b226e9ff6acd9410a5efd676d13795c1a701ec0050f448550

  • SHA512

    1fb678c39340feed6d14fe6001402ac8a621d5b01968fd2b637e18ea7cb746f3df38353074474b268e4f86e9e4b035301342579423b338be54214db75827f028

  • SSDEEP

    98304:NxONBTKueoRnEg6cm7ad/8h5ZQdvZmiRma7PJI9962odX:YzHNE7Xw/kZOma7e9HoV

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks