General

  • Target

    4e483f388d73107273ccce789ee04316853b88553a1c0a1459e240b2671705eb

  • Size

    3.5MB

  • Sample

    240812-fppams1cje

  • MD5

    684f1030119b5a3692348ec012cb2c48

  • SHA1

    9991ce7f89301df127475d0cf31057deae885091

  • SHA256

    4e483f388d73107273ccce789ee04316853b88553a1c0a1459e240b2671705eb

  • SHA512

    f8365dbba69b0f2fac7ec5fe6eec0f57f8b9ff72c81137b5fba2e61ccfb93f4cf44fae79375725bfbfb4c8564e5f6f39a0b275f778cee7ae977089a612c5be92

  • SSDEEP

    98304:NR6ETt0x3Dh/a8/zr7f0wWj+5nIlfuusjrL/X3ds:b6Bxzh/l3oYIlGusjf32

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks