General

  • Target

    e2c6d1ac2a8800cc83fcc4ffb15deb2a001456a018b48a91cc152c26642e75af

  • Size

    3.7MB

  • Sample

    240812-hp427sthrd

  • MD5

    d239636283c3f01e8fa11c459f474705

  • SHA1

    7d1cb08d25914442e2b93ccbff96dd69314e8768

  • SHA256

    e2c6d1ac2a8800cc83fcc4ffb15deb2a001456a018b48a91cc152c26642e75af

  • SHA512

    5679b98b5948ec4b489e527ea56aa9f03331b936cc8d021dcb581e7cb17fd6eb7f5ca9567d4e364fc42410d6f7e35edf93131fe46cb910e2f24a21f048f5fd3d

  • SSDEEP

    98304:NyJOUDsMIHw1Iwgl791BEAqwrTQgvxiLORp+YVdj:sO6smwl7PBhrLxiLORZR

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
