General

  • Target

    dc89c50e4c8399de48d3e16568d20c19.bin

  • Size

    4.1MB

  • Sample

    241103-b7agzsvjap

  • MD5

    701ef40b46eb5f4a8cf69a32db144793

  • SHA1

    03685437d85b7f4a489a263fa11ad5fd7e61aab6

  • SHA256

    f5c101039784cc92c6724629448dd412a07a29e5a8ac228a56c680702b5cc5ed

  • SHA512

    881012421d2f097a0c716f5e85c43dd3b968bbf1ff189c18a39d7d7ca46de56b7249418ca44272811137fa69dbf7a727b3b42278599661e5f5d72dbe148d8168

  • SSDEEP

    98304:R13ExWLJ9YsAKo+HERd8xoeS1LDS3QzuQIiaXQ8GzQd9G511Ve/bHG5j:7UoLb68WLDY0G3urKbHSj

Malware Config

Targets

    • Target

      75e722495c157a05b557580863f90b856d6ec229c7cb4974a008c823377369f5.exe

    • Size

      4.1MB

    • MD5

      dc89c50e4c8399de48d3e16568d20c19

    • SHA1

      b20e3f6df7af6d1bccd7377c04567e1895fb968f

    • SHA256

      75e722495c157a05b557580863f90b856d6ec229c7cb4974a008c823377369f5

    • SHA512

      12e2ce5f6526948c8a43858f54f133dce6cd5bd7b80b170623f7386408ae8c7a7d293df41b14a46d4dc8efc871798f8111ec951275b2a3fb10eec54634968cfd

    • SSDEEP

      98304:ISLPnq/pTlAt97SLFFfm/SnP02BOCu0FyxoQFjoJ+cK:vPnqNlk2Bd/cCT0xoy8Jw

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
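The "Unexpected DNS network traffic destination" and "Checks installed software on the system" signatures above are behavioural rules rather than static indicators. The block below is an added example, not code from the sandbox report or from the Socks5Systemz sample, showing how both rules can be expressed as checks over sandbox telemetry. The flow records, the registry API trace format, the resolver address 8.8.8.8 and the API names used in the trace are all constructed assumptions for illustration; the check also covers TCP/53 and the WOW6432Node Uninstall key, which the one-line signature descriptions do not spell out.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Added example: two behavioural detections in the spirit of the sandbox
# signatures above, applied to constructed telemetry (not the sample's real
# recorded activity and not the sandbox's own rule syntax).


@dataclass(frozen=True)
class Flow:
    """One outbound connection from the sandbox network capture (constructed)."""
    proto: str      # "udp" or "tcp"
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class RegCall:
    """One hooked registry API call (assumed trace format, not a real sandbox schema)."""
    api: str        # e.g. "RegOpenKeyExW", "RegEnumKeyExW", "RegQueryValueExW"
    key: str        # full key path as the sample passed it


def unexpected_dns_destinations(flows, configured_resolvers):
    """Destination IPs that received traffic on port 53 (UDP or TCP) but are not
    among the resolvers the sandbox VM was configured with.

    Port-53 traffic to any other host means the sample bypassed the system
    resolver: a hard-coded public resolver, a direct query to an
    attacker-controlled nameserver, or C2 tunnelled over the DNS port."""
    resolvers = {ip_address(r) for r in configured_resolvers}
    return sorted({f.dst_ip for f in flows
                   if f.dst_port == 53 and ip_address(f.dst_ip) not in resolvers})


# Matches the Uninstall key (native or WOW6432Node view) and anything beneath it.
UNINSTALL_KEY = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)


def enumerates_installed_software(calls):
    """True when the trace shows the sample opening the Uninstall key AND then
    listing its subkeys or reading values beneath it.

    Opening the key alone is weak evidence (installers and updaters do it);
    enumerating the subkeys is what turns it into a software inventory."""
    opened = any(c.api == "RegOpenKeyExW" and UNINSTALL_KEY.search(c.key)
                 for c in calls)
    enumerated = any(c.api in ("RegEnumKeyExW", "RegQueryValueExW")
                     and UNINSTALL_KEY.search(c.key) for c in calls)
    return opened and enumerated


# Constructed sample telemetry (assumption: the VM was configured with one resolver).
SANDBOX_RESOLVERS = ["8.8.8.8"]
SAMPLE_FLOWS = [
    Flow("udp", "8.8.8.8", 53),         # ordinary lookup via the configured resolver
    Flow("udp", "1.1.1.1", 53),         # port-53 traffic to a resolver the VM was not configured with
    Flow("tcp", "203.0.113.7", 53),     # TCP/53 to a TEST-NET address: not a resolver at all
    Flow("tcp", "203.0.113.7", 443),    # HTTPS, not on the DNS port, so ignored here
]
SAMPLE_CALLS = [
    RegCall("RegOpenKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegCall("RegEnumKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegCall("RegQueryValueExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{GUID}\DisplayName"),
    RegCall("RegOpenKeyExW", r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
]


def report(flows=SAMPLE_FLOWS, calls=SAMPLE_CALLS, resolvers=SANDBOX_RESOLVERS):
    """Evaluate both rules and return the findings as a dict."""
    return {
        "unexpected_dns_destinations": unexpected_dns_destinations(flows, resolvers),
        "checks_installed_software": enumerates_installed_software(calls),
    }


if __name__ == "__main__":
    print(report())
```

On a real run the resolver list comes from the sandbox VM's network configuration and the flow and API records from its capture; the logic itself does not change. Keeping the "open" and "enumerate" conditions separate in the registry check is what keeps the rule from firing on every installer that merely opens the Uninstall key.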

MITRE ATT&CK Enterprise v15

Tasks