Resubmissions

13-11-2024 11:00

241113-m3yvkazmg1 10

13-11-2024 09:37

241113-lljtmsynbs 10

General

  • Target

    ab300c646b395b9bf5268b9066f8cf125541c819825aef8be358d15f43487ae8

  • Size

    5.7MB

  • Sample

    241113-lljtmsynbs

  • MD5

    a72a4b73598223c66b2329ec3681876b

  • SHA1

    e02ba2a0af64ab4edfe8e8f2f778b2e28fd1307e

  • SHA256

    ab300c646b395b9bf5268b9066f8cf125541c819825aef8be358d15f43487ae8

  • SHA512

    dde097b5c428ef795a72b348a4a1c7a01dfa173b12932aa18a0b1756e46bb8b8ab0e4ff94ea0d4f43f6f5c0663e2de4b980bb7f98526cd082d5a6d2510065ec8

  • SSDEEP

    98304:PX4KkfC/nYd51M37MZ7XufeVcN+RKbGPZNn8oyaV6FYMEDiKn0w4EoSyazx11:vGfmYd51M3YZrufe7RJfn8a0FsimWEo+

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks