General

  • Target

    394e3a6bd28b14b86472e450039be3c5.bin

  • Size

    6.1MB

  • Sample

    240112-bwhzzschg7

  • MD5

    ef2494d7342c44720ab5254b89ddeefb

  • SHA1

    13ab0cd83117a27bc343f98e82f1a9540e389659

  • SHA256

    463a705f868b55992256f3a807f8beb698590108b0c640eeec963a48ac028e20

  • SHA512

    be5eafa3d04b451b0da756b9957243bbc366e8e14326ca36910523c0cae36795f66b025e164c0714ed1f70f63323d73042e39d2db6a50c68e053119eb2b5a77d

  • SSDEEP

    98304:KeK8x4Jw9t/0KefROPJSmtoIUeTB95IQXkA7gLUOnuvxC9yVs9eZO1cq8yX5lMCs:FpyJc/kOPjt5353XkHUjC9yV+S2l58

Malware Config

Targets

    • Target

      60a1f8c107a9dbc4b68c7bfa51e81a32307af7a0b02ba946e9632081752002af.exe

    • Size

      6.1MB

    • MD5

      394e3a6bd28b14b86472e450039be3c5

    • SHA1

      02526b8a32029b8bc9ff56e7f9e4a10e23ff1e5f

    • SHA256

      60a1f8c107a9dbc4b68c7bfa51e81a32307af7a0b02ba946e9632081752002af

    • SHA512

      9063135449eae3e9f7d158e43cb3bd2152a0d355179bfa539fe985b5e34b2c887277e0e5430f3b4852fb32c88dae8169b2e75c313ad3a833aaecca7ad8383d95

    • SSDEEP

      196608:Xm/wgXTCixLtsKeSczJVH4EVQ8Nk4GszrzCb8qw54dD:No+iFE5J+E3vGSKJdD

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks