Overview

overview

8

Static

static

socks111.exe

windows7_x64

8

socks111.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    socks111.zip

  • Size

    123KB

  • Sample

    201117-ldbz89svna

  • MD5

    70a89a99b218fa554a88db08fcb481e9

  • SHA1

    f187d8fbb3a45c472d643406ccf2e1c3a8edc77c

  • SHA256

    521abddc3682570eddb16f3a34072b2655f7091f6d15b57f72b44aa53ae7bdd2

  • SHA512

    a501067f7e4f3600980567ebfac86b7d7273febeaa490fce2d8c350ff75352286dba69a5f31845caa4b3505e68d10e2a211f903d4b3e998c246152e74913905b

Score
8/10
discoveryspyware

Malware Config

Targets

    • Target

      socks111.exe

    • Size

      308KB

    • MD5

      01a238362f2523cb7838fd42bdf0091d

    • SHA1

      d97cdde30f6f83d8f6f6b64701002c69800b4b88

    • SHA256

      9689621d55601be8833ad43872cbc8b7a1a956db933575f200b21887426cc32b

    • SHA512

      03a96d44ce2c5145c3db381839e9948cb870bbdebe6f8a7b9af83e1fe97f5621cf58ca6993dd764a3af0450d27bb1a3800660813743fdb318ee1954694c12293

    Score
    8/10
    discoveryspyware

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks