Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cdb4c07edc11e117e23452f482f436ad3153155c9ec2221b85a30761a2090dd8

  • Size

    7.6MB

  • Sample

    231211-fwbm5aeaap

  • MD5

    b3ba9d9d25454eb9c6ae0c2217a78f9e

  • SHA1

    b99ccd57183378e80d0f64269fe21a49c0771990

  • SHA256

    cdb4c07edc11e117e23452f482f436ad3153155c9ec2221b85a30761a2090dd8

  • SHA512

    e229c73f41779903c5745c45c00cabc25b031c258f4da802e6258557c4c42a9a6be9344bec9948f85a7375847c9ba476ddfb61bbeeff3b14235caff6f2ec9b75

  • SSDEEP

    196608:/nMFx7s+jv/z8VksHQciUwdlxddJnrKHyiKlJq2fcbvY53d:/nt2M1wciX1RmHYSK

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Extracted

Family

socks5systemz

Attributes
  • rc4_key

    i4hiea56#7b&dfw3

Targets

    • Target

      cdb4c07edc11e117e23452f482f436ad3153155c9ec2221b85a30761a2090dd8

    • Size

      7.6MB

    • MD5

      b3ba9d9d25454eb9c6ae0c2217a78f9e

    • SHA1

      b99ccd57183378e80d0f64269fe21a49c0771990

    • SHA256

      cdb4c07edc11e117e23452f482f436ad3153155c9ec2221b85a30761a2090dd8

    • SHA512

      e229c73f41779903c5745c45c00cabc25b031c258f4da802e6258557c4c42a9a6be9344bec9948f85a7375847c9ba476ddfb61bbeeff3b14235caff6f2ec9b75

    • SSDEEP

      196608:/nMFx7s+jv/z8VksHQciUwdlxddJnrKHyiKlJq2fcbvY53d:/nt2M1wciX1RmHYSK

    Score
    10/10
    socks5systemzbotnetdiscovery

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

      botnetsocks5systemz

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks