General

  • Target

    97760fc9b241db6bad15dd4b4ac9576b1f4dd9bbc27705c1572f7fd4d96a2b4a

  • Size

    5.9MB

  • Sample

    241107-x38d4sxeqd

  • MD5

    bff1c145dbd48dcafd2c0bef4bfac9ee

  • SHA1

    0595d0ea53d53fe5c3d92ad8919951a57465569d

  • SHA256

    97760fc9b241db6bad15dd4b4ac9576b1f4dd9bbc27705c1572f7fd4d96a2b4a

  • SHA512

    e882d46647b44caa8242f7cb1f5baf73e63190b1054de00e7a5844cb476159e1e61062c291c2ad8053ba456544fd411b700e580fd246ac7e227f9b66a39bbf41

  • SSDEEP

    98304:4nNufOqxv0RJV6WDVKPdG6MswRcw+NwTZ3YuziLCIvnaB/mgkwUDNmT3DdbWPnJb:ONuJM1+Gmw2HWTZWvC/k9PnJkQ

Malware Config

Targets

    • Target

      97760fc9b241db6bad15dd4b4ac9576b1f4dd9bbc27705c1572f7fd4d96a2b4a


    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are turned into SOCKS5 proxies that the operators rent out.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to servers other than the DNS servers configured on the analysis machine.

    • Checks installed software on the system

      Reads the entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system.
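The two behavioural signatures above ("Unexpected DNS network traffic destination" and "Checks installed software on the system") are easy to reproduce outside the sandbox. The script below is an added example, not code from the sandbox vendor or from this report: it runs the same two checks over constructed input, a handful of made-up flow records for the DNS check and a few made-up Procmon-style CSV rows for the registry check. The configured resolver addresses, the process names and every IP and registry path in the sample data are assumptions chosen for illustration.

```python
"""Re-implementation of two sandbox signatures over constructed sample data.

Added example; not part of the original report.  All input below is made up.
"""
from __future__ import annotations

import csv
import io
import ipaddress
import re
from collections import defaultdict

# ---------------------------------------------------------------------------
# Signature 1: "Unexpected DNS network traffic destination"
# ---------------------------------------------------------------------------
# Assumption: the resolvers configured on the analysis VM.
CONFIGURED_DNS = {"8.8.8.8", "8.8.4.4"}
DNS_PORT = 53

# Constructed flow records: (process, protocol, destination ip, destination port).
SAMPLE_FLOWS = [
    ("sample.exe", "udp", "8.8.8.8", 53),        # normal lookup via a configured resolver
    ("sample.exe", "udp", "198.51.100.22", 53),  # DNS port, but not a configured resolver
    ("sample.exe", "tcp", "198.51.100.22", 80),  # plain HTTP, not on the DNS port
    ("svchost.exe", "udp", "8.8.4.4", 53),       # OS resolver traffic, expected
    ("sample.exe", "tcp", "203.0.113.7", 53),    # DNS-over-TCP to an unknown server
]


def unexpected_dns_destinations(flows, resolvers=CONFIGURED_DNS, port=DNS_PORT):
    """Return {process: sorted destination IPs} for traffic on the DNS port
    that is not addressed to one of the configured resolvers."""
    resolver_set = {ipaddress.ip_address(r) for r in resolvers}
    hits: dict[str, set[str]] = defaultdict(set)
    for proc, proto, dst, dport in flows:
        if dport != port or proto not in ("udp", "tcp"):
            continue
        if ipaddress.ip_address(dst) not in resolver_set:
            hits[proc].add(dst)
    return {proc: sorted(ips) for proc, ips in hits.items()}


# ---------------------------------------------------------------------------
# Signature 2: "Checks installed software on the system"
# ---------------------------------------------------------------------------
# Matches the Uninstall key under any hive/view (HKLM, HKCU, WOW6432Node) and
# captures the per-product subkey name when one is present.
UNINSTALL_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\([^\\]+))?", re.IGNORECASE
)

# Constructed Procmon-style CSV export (same column layout Procmon writes).
SAMPLE_PROCMON = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","sample.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:01:02.2","sample.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:01:02.3","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName","SUCCESS","Type: REG_SZ, Length: 12, Data: 7-Zip 23.01"
"10:01:02.4","sample.exe","4120","RegQueryValue","HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{23170F69-40C1-2702-2301-000001000000}\DisplayName","SUCCESS","Type: REG_SZ, Length: 18, Data: Example Product"
"10:01:05.0","explorer.exe","1234","RegQueryValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
'''


def software_enumeration(procmon_csv: str):
    """Return {process: {"accesses": n, "entries": [subkeys]}} for every process
    whose registry operations touch the Uninstall key."""
    accesses: dict[str, int] = defaultdict(int)
    entries: dict[str, set[str]] = defaultdict(set)
    for row in csv.DictReader(io.StringIO(procmon_csv.strip())):
        if not row["Operation"].startswith("Reg"):
            continue
        m = UNINSTALL_KEY.search(row["Path"])
        if m is None:
            continue
        proc = row["Process Name"]
        accesses[proc] += 1
        if m.group(1):  # a specific product subkey, not the Uninstall key itself
            entries[proc].add(m.group(1))
    return {p: {"accesses": accesses[p], "entries": sorted(entries[p])} for p in accesses}


if __name__ == "__main__":
    print("unexpected DNS destinations:", unexpected_dns_destinations(SAMPLE_FLOWS))
    print("software enumeration:", software_enumeration(SAMPLE_PROCMON))
```

The DNS check deliberately covers TCP as well as UDP on port 53, since a rogue resolver or DNS tunnel can use either; the registry check counts the Uninstall key itself as an access but only reports named subkeys as enumerated entries, so a process that merely opens the key is still flagged while the entries list stays meaningful.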

MITRE ATT&CK Enterprise v15

Tasks