General

  • Target

    ea2167298c12b13af74689dea48d4857dde77d04b829d3b0e2925dbfbb7f4063

  • Size

    3.9MB

  • Sample

    240812-kxn23aybka

  • MD5

    1c22728b4df9c6d588f6699f9a69c017

  • SHA1

    dc82456db07c29bbcf6d0fdb4c7b2fd8a22ea820

  • SHA256

    ea2167298c12b13af74689dea48d4857dde77d04b829d3b0e2925dbfbb7f4063

  • SHA512

    4179571e29bd05c6f1925ff179cae0b8bb2e30192cd99a98b718fed6ab87ddc07cbf72e1f800c73d1d43bc157da8c66ddd24cd8939debf157c7bcf6e6a66748a

  • SSDEEP

    98304:NqBVrUIEe84PsRQ4IEQ2+3oOag1gxF6cGcdgMGfvudj:4jE8p9D2eoOXgn1CB+R

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks