General

  • Target

    file.exe

  • Size

    4.0MB

  • Sample

    241014-pzl3pswcpb

  • MD5

    5ec2fa51ca8983ef51546011cea3bfb0

  • SHA1

    cbe216a31f13be91b74f558bc1605ceffdbd9368

  • SHA256

    b619d2e402eed71d382d32483778a5fc01d047f684e38c486a57b6b0dde5566e

  • SHA512

    15e6d20ed66d84983cad2550ccbd8d48e14f6ab730868f75c0815bcf20971c2bf823b6f094eb75e27b0935c30e248ece1c1b7b7cd25ec8af23ec39c101754954

  • SSDEEP

    98304:uaETnzw3KeF0jkuLZgQ/b9Nx+N7ZonWkpMnml7I75Hpyefs+v+nBj:GTnWwAmZZ9NI/o3ImI79E+v+Bj

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks