General

  • Target

    e5f38d71c1b55ca2238326f0dbaafddb7ad975ced04ef1c8d97fcfd7775453f2

  • Size

    3.6MB

  • Sample

    240812-gank8ssapg

  • MD5

    108c5775e8f4842932e4d6e9fefc45f9

  • SHA1

    af5a91fd2d1d2434c980d010b03916c35a2a6809

  • SHA256

    e5f38d71c1b55ca2238326f0dbaafddb7ad975ced04ef1c8d97fcfd7775453f2

  • SHA512

    04203b0852d9861e791cd25799ece547a5ce8e825bed5107184216adc068113c8f91115a33b6a28382b95a48c881bf1fdccbc5e147307794752ed7682235de88

  • SSDEEP

    98304:NXTLk6pLKn7sg93UAegEv1RI1DCsG3bWKotdJ:26SlXeRYCsG10H

Malware Config

Targets

    • Target

      e5f38d71c1b55ca2238326f0dbaafddb7ad975ced04ef1c8d97fcfd7775453f2


    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks