General

  • Target

    5ffedb762ba0d490e83b5ade52972a4b6429d08fa56a1cbfa6774b67366c084f

  • Size

    3.6MB

  • Sample

    240812-mw9y9asane

  • MD5

    5c824642663c080588a374d1b5209c19

  • SHA1

    0db6feb31832a610f64cdd83ab625196e22ecd88

  • SHA256

    5ffedb762ba0d490e83b5ade52972a4b6429d08fa56a1cbfa6774b67366c084f

  • SHA512

    7481e5af2e57d23be17dfe6023160100187672ecb9bc18203a4860d57cf5aa16541e479c6b9211f2d863bf488e548a69cb37603264f0c5f9dd7bf60803d54818

  • SSDEEP

    98304:NnOA+t/u8zW1YKrmZgRkudQ18jw5S1EnJ4hMj0J0x9ZRmdJ+:xOA+tmmZ2bjw5HJyU0kRmm

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks