General

  • Target

    086f33ebfbcabeb3bf3a552a30a46e0b.exe

  • Size

    4.0MB

  • Sample

    240123-dwbl1sgaa9

  • MD5

    086f33ebfbcabeb3bf3a552a30a46e0b

  • SHA1

    c1acbae529d38d1b8d4c0c2f45fac45b69323ab1

  • SHA256

    3552198657f5727845f6a083d3292cb40669f2dfe359475621c4f7457cc0c619

  • SHA512

    99cd7d48c664c01c11f456ef8f963383adec1d6574e57970540c2b5bc96445751e3e274d7a935a95d696b003c2c94b6c483eada78782c2d4518eb01326bcc988

  • SSDEEP

    98304:ndL9xWLs1Esvx3VRy2XOwnqoQyVHXoblgL74+7e:dzwM5S2X9qM3oqLU+7e

Malware Config

Extracted

Family

socks5systemz

C2

51.159.66.125

217.23.6.51

151.80.38.159

217.23.9.168

37.187.122.227

Attributes

  • rc4_key

    heyfg645fdhwi

Targets

    • Target

      086f33ebfbcabeb3bf3a552a30a46e0b.exe

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks