General

  • Target

    e6c1c4a4dd7493dc35174d4be49f636e4d768f59afbd3a87f04a75c684118bbd

  • Size

    3.6MB

  • Sample

    241127-z9l6kaxlbr

  • MD5

    256466a292ad17adbcf12267a785a2cf

  • SHA1

    b19bd32d1b099b25bd4b41844fc1336888876456

  • SHA256

    e6c1c4a4dd7493dc35174d4be49f636e4d768f59afbd3a87f04a75c684118bbd

  • SHA512

    a94bda13590670b3265c35d5cf5449a1b127f5870fa89298acd19e69cca515edc3a8d63cee7f50ea4b2783c61f42f60f492ad5d2214d8ee0b09d8848f612f23b

  • SSDEEP

    98304:NCHObRjrOAwqi+1C+iaC3FizjeukuCxGC4j6yUW2zcMdYfYHbMSmXWrow:E4Jcqx17iD1ifen114j6yVOcZobMVXW5

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks