General

  • Target

    7b98a34c835ecc88e7f7c1091e3f429a05c47fc636aed4e5a7470db7f804ec31

  • Size

    4.4MB

  • Sample

    240812-fqneqswgrm

  • MD5

    5589cb97e000a5cec2d098b08268df5b

  • SHA1

    b168310043eb169d86e4d3b8d9f96114dd37fb19

  • SHA256

    7b98a34c835ecc88e7f7c1091e3f429a05c47fc636aed4e5a7470db7f804ec31

  • SHA512

    53ee526d2424ea0d91a66d3cc87917e8f8357c7c111f82c9293f06c54bb54760d2a3594c8927c4b3110ef54df7668a141362b8bdff47cd52fccb7ab1135fdb0b

  • SSDEEP

    98304:NEMY2mdOV1wM8IV+bDUWk7zhiPkLaWyAfTaG202KFP2omGoVfyYsPdZ:6+mdu1wMknFPPOGGtH2oEyY6P

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks