Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    42253ff18d5d70c19fe78640898d93ca712fe39d7e53b939138716b71e216198

  • Size

    2.2MB

  • Sample

    240315-bdxenaef59

  • MD5

    f1fb97a8723b3753f5d895fd486d4519

  • SHA1

    52815c506e6d8b1efd93087ef95642b3030713f6

  • SHA256

    42253ff18d5d70c19fe78640898d93ca712fe39d7e53b939138716b71e216198

  • SHA512

    facda49f4efc9aa246d12021da6620072318f24088d3ab319928245cd038ffe4ce6b9fe4697fa9bcb37f35e84a36c62b8f76f0fe8573def8aade309759d900db

  • SSDEEP

    49152:32miWIdYUJkCUtscwHtojpdYLM5uiR6927UnQhwG31gKNB:mGaXAyojMM5z6M6GwG31JB

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Extracted

Family

socks5systemz

C2

http://bdldcsu.com/search/?q=67e28dd83d5fa62d1358fa4d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a678af915c6ee91

http://bouozoi.com/search/?q=67e28dd8690ea77a165faf187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978a371ea771795af8e05c645db22f31df92d8838ed12a666d307eca743ec4c2b07b52966923a678af915c6ea93

http://bouozoi.com/search/?q=67e28dd8690ea77a165faf187c27d78406abdd88be4b12eab517aa5c96bd86e8908e4f845a8bbc896c58e713bc90c91136b5281fc235a925ed3e00d6bd974a95129070b616e96cc92be20ea478cc51bbe358b90d3b4eed3233d1626a8ff810c0eb939e3dc869

Targets

    • Target

      42253ff18d5d70c19fe78640898d93ca712fe39d7e53b939138716b71e216198

    • Size

      2.2MB

    • MD5

      f1fb97a8723b3753f5d895fd486d4519

    • SHA1

      52815c506e6d8b1efd93087ef95642b3030713f6

    • SHA256

      42253ff18d5d70c19fe78640898d93ca712fe39d7e53b939138716b71e216198

    • SHA512

      facda49f4efc9aa246d12021da6620072318f24088d3ab319928245cd038ffe4ce6b9fe4697fa9bcb37f35e84a36c62b8f76f0fe8573def8aade309759d900db

    • SSDEEP

      49152:32miWIdYUJkCUtscwHtojpdYLM5uiR6927UnQhwG31gKNB:mGaXAyojMM5z6M6GwG31JB

    Score
    10/10
    socks5systemzbotnetdiscovery

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

      botnetsocks5systemz

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks