General

  • Target

    30344360f5beefb0712d29f2d54bc97f6139d4804384d2d17c1d6928cbe2a304

  • Size

    3.8MB

  • Sample

    240812-fpeffa1brf

  • MD5

    ae68fa7a4f0cd5ca39b30839bace544d

  • SHA1

    4d5a3db5306552d03d34bb64051961d769e7a513

  • SHA256

    30344360f5beefb0712d29f2d54bc97f6139d4804384d2d17c1d6928cbe2a304

  • SHA512

    c17ef8a5ad9b73457be7147fd16b5972b4ff4f9649f944dd618206219f5fd0bff16731baf8146448f8d1611e39488216090b1ff9e392a35bc677d21908eb743a

  • SSDEEP

    98304:N+OKS9lu/mntinlRwsQzNjJfYO4xRHtk5R7dVMP:EOznmmnt6kbzNjJKLHtk5R7S

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks