General

  • Target

    26afc17eb65309d1cca83bb0eb5b774c62ee2f0a8c3dd3bc1262bc236281069c

  • Size

    3.6MB

  • Sample

    241119-rzh26axjby

  • MD5

    e5da41aae20721a66d5e2b8a0ea5139f

  • SHA1

    804304b4524f275d37a139c4863c17bfeabcac63

  • SHA256

    26afc17eb65309d1cca83bb0eb5b774c62ee2f0a8c3dd3bc1262bc236281069c

  • SHA512

    0966de9995b757b4c06025d315638c78b0828105aa37383c12df820a38134c9d2665771a775dfdcc01848e779403a4b5115784d364ff8ce2e0872f4b887485fd

  • SSDEEP

    98304:Nb+NYs1DZ4+OeqUv2w4yfT+6x2bAeMA1bE+FV2lFz:x+KsM+/ZevUTr2EebBMlFz

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks