General

  • Target

    4937ba4f8d0868ba80849fba1408d95fdac3636147881d7035492bf897d47e70

  • Size

    4.1MB

  • Sample

    241125-thysds1mel

  • MD5

    9153fefde24f508172dbf9c1a4288ee2

  • SHA1

    d60815b3bf7d1c2e04071926d8456cdf188b700e

  • SHA256

    4937ba4f8d0868ba80849fba1408d95fdac3636147881d7035492bf897d47e70

  • SHA512

    8cef6aa54db70da4b2df55bee42132f3363a96fac5d318dcf6d114a1aefda7ad7993dbff4e8a2eb213fa045a01a6d7e36e26b2b5082966e7712f0998c334ac13

  • SSDEEP

    98304:N/nKMQ3sFRAidag6T7yj4CuWVIkBp4o+0pcBD2JgtJh1:5aARtIg6T7yjpXIkBpi2i3

Malware Config

Targets

    • Target

      4937ba4f8d0868ba80849fba1408d95fdac3636147881d7035492bf897d47e70

    • Size

      4.1MB

    • MD5

      9153fefde24f508172dbf9c1a4288ee2

    • SHA1

      d60815b3bf7d1c2e04071926d8456cdf188b700e

    • SHA256

      4937ba4f8d0868ba80849fba1408d95fdac3636147881d7035492bf897d47e70

    • SHA512

      8cef6aa54db70da4b2df55bee42132f3363a96fac5d318dcf6d114a1aefda7ad7993dbff4e8a2eb213fa045a01a6d7e36e26b2b5082966e7712f0998c334ac13

    • SSDEEP

      98304:N/nKMQ3sFRAidag6T7yj4CuWVIkBp4o+0pcBD2JgtJh1:5aARtIg6T7yjpXIkBpi2i3

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks