General

  • Target

    8fe985d276cd720efb48cf1d0f1ad8d728f6388a45f33f53a33d0d4422dda409

  • Size

    3.5MB

  • Sample

    240812-fq2blawhjl

  • MD5

    63aa2491ed013da68d57afd1dcffbce5

  • SHA1

    40b8a5b6899d788a6a44d3f054c27585811922b4

  • SHA256

    8fe985d276cd720efb48cf1d0f1ad8d728f6388a45f33f53a33d0d4422dda409

  • SHA512

    b76f652a960bc04e7a259689c75d799114711e3c8fccf3e2f1558a550efce18230217bdcc330e226d6b5734f80a0dbf86354f02cb7856596372c75eed1981143

  • SSDEEP

    98304:NBxGF/6B5tg664KM8Buaz32trPZcSC7Q144ds:Zy/K5t64YzmtT2SL442
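Before spending analysis time on a file, confirm it is actually the sample this report describes. The following is an added example (not part of the sandbox report): it hashes a file in chunks with every algorithm the report lists except SSDEEP (fuzzy hashing needs the separate ssdeep library and is left out), and compares the digests against the values above. The `REPORT_HASHES` table is copied from this page; the `b"abc"` input at the bottom is a constructed stand-in so the code runs without the real sample.

```python
import hashlib

# Digests of the sample as published in this report.
REPORT_HASHES = {
    "md5": "63aa2491ed013da68d57afd1dcffbce5",
    "sha1": "40b8a5b6899d788a6a44d3f054c27585811922b4",
    "sha256": "8fe985d276cd720efb48cf1d0f1ad8d728f6388a45f33f53a33d0d4422dda409",
    "sha512": (
        "b76f652a960bc04e7a259689c75d799114711e3c8fccf3e2f1558a550efce182"
        "30217bdcc330e226d6b5734f80a0dbf86354f02cb7856596372c75eed1981143"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")
CHUNK = 1 << 20  # 1 MiB; the sample is 3.5 MB, so avoid reading it all at once


def hash_stream(chunks, algorithms=ALGORITHMS):
    """Feed an iterable of byte chunks to every hasher once and return hex digests."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data, algorithms=ALGORITHMS):
    """Hash an in-memory buffer (used here with constructed test input)."""
    view = memoryview(data)
    return hash_stream(
        (view[off:off + CHUNK] for off in range(0, len(view), CHUNK)), algorithms
    )


def hash_file(path, algorithms=ALGORITHMS):
    """Hash a file on disk in CHUNK-sized reads; single pass for all algorithms."""
    with open(path, "rb") as f:
        return hash_stream(iter(lambda: f.read(CHUNK), b""), algorithms)


def verify(actual, expected):
    """Compare computed digests to the report's.

    Returns which algorithms matched, which mismatched, and which the
    caller did not compute. Comparison is case-insensitive because
    reports and tools disagree on hex casing.
    """
    result = {"match": [], "mismatch": [], "missing": []}
    for name, want in expected.items():
        got = actual.get(name)
        if got is None:
            result["missing"].append(name)
        elif got.lower() == want.strip().lower():
            result["match"].append(name)
        else:
            result["mismatch"].append(name)
    return result


if __name__ == "__main__":
    # Constructed input: not the real sample, so every digest is expected to mismatch.
    print(verify(hash_bytes(b"abc"), REPORT_HASHES))
```

Any mismatch means you are not looking at the reported file (a repacked or truncated copy, or a different artifact altogether), and the behavioural findings below should not be assumed to apply.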

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxies that the operators sell access to.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the DNS resolvers configured on the analysis system was detected.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its WOW6432Node counterpart) to enumerate the software installed on the system.
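The two behavioural signatures above ("Unexpected DNS network traffic destination" and "Checks installed software on the system") are easy to reproduce as host-side detections. The following is an added example, not code from the sandbox or from the report: it runs both checks over constructed telemetry. The connection-log lines, the resolver set, the process names, the PIDs and the registry event lines are all made up for the example; the Uninstall key paths are the real locations Windows uses.

```python
import ipaddress
from collections import defaultdict

# Constructed connection log (not from the report).
# Fields: timestamp src_ip src_port dst_ip dst_port proto
CONN_LOG = """\
1723450001 192.168.1.50 51234 192.168.1.1 53 udp
1723450002 192.168.1.50 51235 192.168.1.1 53 udp
1723450003 192.168.1.50 51236 203.0.113.77 53 udp
1723450004 192.168.1.50 49321 203.0.113.77 443 tcp
1723450005 192.168.1.50 51237 198.51.100.9 53 tcp
"""

# Assumed resolver configuration of the monitored host (constructed).
CONFIGURED_RESOLVERS = {"192.168.1.1"}


def unexpected_dns_destinations(log_text, resolvers):
    """Flag every port-53 flow whose destination is not a configured resolver.

    Both UDP and TCP are considered: large or zone-style DNS traffic, and
    some tunnelling tools, use TCP/53.
    """
    allowed = {ipaddress.ip_address(r) for r in resolvers}
    findings = []
    for line in log_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, _sport, dst, dport, proto = line.split()
        if int(dport) != 53 or ipaddress.ip_address(dst) in allowed:
            continue
        findings.append({"ts": int(ts), "src": src, "dst": dst, "proto": proto})
    return findings


# Registry locations Windows uses for installed-software entries (32- and 64-bit views, per-user).
UNINSTALL_ROOTS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
)

# Constructed registry-access events (not from the report). Fields: pid|image|operation|path
REG_EVENTS = r"""
4132|C:\Users\user\AppData\Local\Temp\dropped.exe|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
4132|C:\Users\user\AppData\Local\Temp\dropped.exe|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2C3D4-0000-4000-8000-000000000001}
4132|C:\Users\user\AppData\Local\Temp\dropped.exe|RegQueryValue|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A1B2C3D4-0000-4000-8000-000000000001}\DisplayName
4132|C:\Users\user\AppData\Local\Temp\dropped.exe|RegOpenKey|HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
4132|C:\Users\user\AppData\Local\Temp\dropped.exe|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome
4132|C:\Users\user\AppData\Local\Temp\dropped.exe|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
880|C:\Windows\explorer.exe|RegOpenKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
"""


def uninstall_subkey(path):
    """Return the Uninstall subkey a path touches: '' for the parent key, None if unrelated."""
    p = path.lower().rstrip("\\")
    for root in UNINSTALL_ROOTS:
        r = root.lower()
        if p == r:
            return ""
        if p.startswith(r + "\\"):
            return path[len(root) + 1:].split("\\", 1)[0]
    return None


def uninstall_enumeration(events_text, threshold=3):
    """Report processes that touch at least `threshold` distinct Uninstall subkeys.

    A single lookup is normal (installers check for an existing product);
    walking many entries, especially right after enumerating the parent key,
    is the software-inventory behaviour the signature describes.
    """
    subkeys = defaultdict(set)
    parent_seen = defaultdict(bool)
    image_of = {}
    for line in events_text.splitlines():
        if not line.strip():
            continue
        pid, image, op, path = line.split("|", 3)
        if op not in ("RegOpenKey", "RegQueryValue", "RegEnumKey"):
            continue
        sub = uninstall_subkey(path)
        if sub is None:
            continue
        pid = int(pid)
        image_of[pid] = image
        if sub == "":
            parent_seen[pid] = True
        else:
            subkeys[pid].add(sub)
    return {
        pid: {"image": image_of[pid], "subkeys": len(keys), "enumerated_parent": parent_seen[pid]}
        for pid, keys in subkeys.items()
        if len(keys) >= threshold
    }


if __name__ == "__main__":
    print(unexpected_dns_destinations(CONN_LOG, CONFIGURED_RESOLVERS))
    print(uninstall_enumeration(REG_EVENTS))
```

The DNS check is only as good as the resolver list it is given: take it from the host's actual configuration (or DHCP leases) rather than hard-coding it, otherwise a legitimate resolver change produces a flood of false positives and a malicious one goes unseen.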
