General

  • Target

    c8b1c0828b8e7f99c2776849e66d5974eedad732953bcfa0dd98b01f9a7fc924

  • Size

    3.7MB

  • Sample

    240812-h8vymsvgke

  • MD5

    6bf7a5b80856410e69ad0dbf076bc33f

  • SHA1

    85b4d7a9d3a583e30cdff2578075b264a35e12ea

  • SHA256

    c8b1c0828b8e7f99c2776849e66d5974eedad732953bcfa0dd98b01f9a7fc924

  • SHA512

    ba012eafda9f0ee28e9bfa604094fd21200bb6388ac73420088c7e8b136991269a0e1db7ffd5724adf1a4909f96104dc48f3893f0675fa6cfb649fcf43f6cff9

  • SSDEEP

    98304:N9ZyrV4z15WYm7rNHIeHUCMkk1cqwelO87/xSR0ixyc93P1tdj:1yrV4z15aNoKMeelDSTR

Targets

    • Target

      c8b1c0828b8e7f99c2776849e66d5974eedad732953bcfa0dd98b01f9a7fc924

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15
