General

  • Target

    62a083c9d82a1cf706f026041d68c44def1dc8a17de9ea2e113a309233bb4932

  • Size

    3.9MB

  • Sample

    240812-fh9b8s1ald

  • MD5

    42e6659ce5375cba9b2f69bc618a6f8e

  • SHA1

    6038de3382f0f9a9e17fa15336a0b1b6c19fd567

  • SHA256

    62a083c9d82a1cf706f026041d68c44def1dc8a17de9ea2e113a309233bb4932

  • SHA512

    12ebf6c2c0ec4bed350ededdca87acdc1a9f155c660a3bd41186943b1a5b9c42783001a10c114953f84b08413c397967190fc48adc75e1120116611076eebb4f

  • SSDEEP

    98304:NgaolYoOvFxD5OEZQd+zp/FH8AvWR0FCwKq2kdN:9GMFxdOEadgpdHRxFUPkz

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks