General

  • Target

    b00c9bc606824dc90058f5ce00313ff6.exe

  • Size

    4.0MB

  • Sample

    241014-y29ffsybmn

  • MD5

    b00c9bc606824dc90058f5ce00313ff6

  • SHA1

    a59ca316a7299dce0b100f728223f27ef55116cc

  • SHA256

    90998a60d134ec92e788f0c2c79fe00cf27dd440a794d683bc01656db76e145a

  • SHA512

    8677ce146ed4484874dea6a5af5fd1927ad8a67aa66967659f596f1b01496291cbbbe0744ad75031504075ad558127d212450e68ab575233f135e4f107847ab7

  • SSDEEP

    98304:xdWViMCe6YMUGOf0dJx1t9bhwGcyD6xzKEi2aLFo1fSQQz4dObpmB9:DWh2OMdJDt133sKEwLG1SQQzvbpmB9

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks