General

  • Target

    35f7125ca4f85894d6017ee7222e7c943eba11520274ff5a0854bbb0c172a782

  • Size

    3.6MB

  • Sample

    240812-mcqfha1bmc

  • MD5

    c1dd190078e041c89f73ebd0ddaae31f

  • SHA1

    6a523a36de2723bf1675bcc17817b5efe066560b

  • SHA256

    35f7125ca4f85894d6017ee7222e7c943eba11520274ff5a0854bbb0c172a782

  • SHA512

    707ddbfcade629162db52fcc70c233656c9012fda5f116658409f573193d545fc5d44232fe216ed8a850a08dd66164b1300028eec8f021cf650292b2ae4343bc

  • SSDEEP

    98304:NtLisPSH6JXWjbf/wJ9H/CUEoE5KLgSkRj3lSyaIdJ+:PLiNUW3/c85rnRj3lS5Im

Malware Config

Targets

    • Target

      35f7125ca4f85894d6017ee7222e7c943eba11520274ff5a0854bbb0c172a782

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed going to a server other than the resolvers configured on the analysis host. This usually means the sample carries its own hard-coded resolver; correlate it with the destination address, since legitimate software that ships its own resolver will trigger the same signature.

    • Checks installed software on the system

      Reads entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, including its WOW6432Node and HKCU equivalents) to enumerate the software installed on the system. Malware commonly does this to fingerprint the host or look for security products, but ordinary installers read the same key, so on its own it is a weak indicator.
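The two behavioural signatures listed above can be reproduced over host telemetry. The following Python is an added example, not the sandbox's own signature logic: it evaluates constructed network-flow and registry-access records (hypothetical sample data, not taken from this report) against the two checks. The resolver address 10.0.0.2, the TEST-NET address 198.51.100.5 standing in for a non-configured DNS server, and the process id are all assumptions made for the example.

```python
# Added example: re-implements two of the report's behavioural signatures
# over constructed host telemetry. Not the sandbox's own code.
#
#  - "Unexpected DNS network traffic destination": any flow to port 53 whose
#    destination is not one of the host's configured resolvers.
#  - "Checks installed software on the system": registry reads under the
#    Uninstall key, i.e. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
#    and its WOW6432Node / HKCU equivalents.
from dataclasses import dataclass
import ipaddress

DNS_PORT = 53


@dataclass(frozen=True)
class NetFlow:
    pid: int
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class RegEvent:
    pid: int
    op: str         # "query", "enum" or "set"
    key: str        # full registry path as logged by the monitor


# Lower-cased path fragments that identify the Uninstall key regardless of
# hive (HKLM or HKCU) and of the 32-bit redirected view.
UNINSTALL_KEY_FRAGMENTS = (
    r"\software\microsoft\windows\currentversion\uninstall",
    r"\software\wow6432node\microsoft\windows\currentversion\uninstall",
)


def unexpected_dns_destinations(flows, configured_resolvers):
    """Return flows on the DNS port whose destination is not a configured resolver."""
    resolvers = {ipaddress.ip_address(r) for r in configured_resolvers}
    return [
        f for f in flows
        if f.dst_port == DNS_PORT and ipaddress.ip_address(f.dst_ip) not in resolvers
    ]


def checks_installed_software(events):
    """Return read/enumerate registry events that touch an Uninstall key."""
    return [
        e for e in events
        if e.op in ("query", "enum")
        and any(frag in e.key.lower() for frag in UNINSTALL_KEY_FRAGMENTS)
    ]


def evaluate(flows, reg_events, configured_resolvers):
    """Return the names of the signatures that fire, as the report lists them."""
    fired = set()
    if unexpected_dns_destinations(flows, configured_resolvers):
        fired.add("Unexpected DNS network traffic destination")
    if checks_installed_software(reg_events):
        fired.add("Checks installed software on the system")
    return fired


# Constructed sample telemetry (hypothetical, not from the report).
SAMPLE_RESOLVERS = ["10.0.0.2"]
SAMPLE_FLOWS = [
    NetFlow(4120, "udp", "10.0.0.2", 53),        # lookup via the configured resolver
    NetFlow(4120, "udp", "198.51.100.5", 53),    # DNS port, but not a configured resolver
    NetFlow(4120, "tcp", "203.0.113.10", 443),   # unrelated HTTPS flow
]
SAMPLE_REG_EVENTS = [
    RegEvent(4120, "enum", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegEvent(4120, "query", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    RegEvent(4120, "query", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName"),
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_FLOWS, SAMPLE_REG_EVENTS, SAMPLE_RESOLVERS)):
        print(name)
```

The DNS check deliberately keys on the destination port rather than on parsed DNS payloads, which is why, as the signature description warns, any program carrying its own resolver will trip it; in practice the destination address is what decides whether the hit matters.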

MITRE ATT&CK Enterprise v15

Tasks