General

  • Target

    baaa618702b0ed65594c6e93e9cb6003315fd12ae68e2fda5548f9f1752f6109

  • Size

    6.5MB

  • Sample

    240308-gg788ahe4x

  • MD5

    a914cddecea1c941a13a8da3aa0fb8d3

  • SHA1

    a38b0100102cd193f8ee4f4742a1e6d47eacd587

  • SHA256

    baaa618702b0ed65594c6e93e9cb6003315fd12ae68e2fda5548f9f1752f6109

  • SHA512

    b14ad66e3317931db4d83556be7c1ad90e712ccca7fa4f1576ce6fb522946cbb0436835ea30d6e151d5a0c7891fddca5f0301597a03b00e45ee69920619973a8

  • SSDEEP

    196608:hwT4OknrwAklnH74yKYhm5wRrcV7/jvrKS4dD:he9ewAkd3r+7/jvEdD

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks