General

  • Target

    d536fbcc2236e36880859630eb896db92c6c43e1671bf73bcb75888585496d98

  • Size

    3.9MB

  • Sample

    240812-e133havfrl

  • MD5

    9703c253ee9f61c082a630abd739df29

  • SHA1

    334d7d874c25d6701791858af16cee45761e47ba

  • SHA256

    d536fbcc2236e36880859630eb896db92c6c43e1671bf73bcb75888585496d98

  • SHA512

    085b2f551e6832c44037744b731579497e07efd9ace061b20940a0497488497c9888e5054aeefe87a8755cbfbc54e525f5a339e03a84bd0ad360788884b2098a

  • SSDEEP

    98304:NdTosuA4WrlWOXXGFIy47alo9U82pYeaK5o+3DE3+I0NadF:14747Sx8+Yi5o+zE7SaX

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks