General

  • Target

    3bb9002860a4ffe7d8e5d596726d9de184b2f25cabf523daffeeb028efb7a77b

  • Size

    3.4MB

  • Sample

    241119-w51avavkfr

  • MD5

    be7cf7631f643ca7e6182e1d537545a9

  • SHA1

    63ece92735a5c602423947e3d4b0fa7ab9c9af22

  • SHA256

    3bb9002860a4ffe7d8e5d596726d9de184b2f25cabf523daffeeb028efb7a77b

  • SHA512

    d02148f979bd58a440d52b934cfb06be8d9424f37b81afde54bd67b01aa12b1d6157b71bf0f18e09a8da9b8142dd0b713259621794756bfb4a363b981d078db7

  • SSDEEP

    98304:NTVqj0Bzk7gcXa2n8eOg1rXcUz+nLRS8L29dw:L4sUb8JqcUz+nLRL2Lw

Targets

    • Target

      3bb9002860a4ffe7d8e5d596726d9de184b2f25cabf523daffeeb028efb7a77b

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
