Overview

overview

10

Static

static

3

1dfe4fa3a0...6e.exe

windows7-x64

10

1dfe4fa3a0...6e.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1dfe4fa3a0c76f75012065ecf9d5ee298a27d6125cddcc003437385e8b79c86e

  • Size

    5.1MB

  • Sample

    240522-clqshsha33

  • MD5

    3fc3f8614cb6ee294f9dec735ca481aa

  • SHA1

    904fc7054f1b124abb6bbce188d41860efaa7304

  • SHA256

    1dfe4fa3a0c76f75012065ecf9d5ee298a27d6125cddcc003437385e8b79c86e

  • SHA512

    fcee9601905551959080494a94332c56a1b24a8d6339345b6b5bacfda2dde7948500a86a4b89d81d67a137d9bb754b2f25620519bf5837cf4cac91127d0dd419

  • SSDEEP

    98304:mgV569moze9t0isY5+rNx4LwVmgeDMx3hnT7Ma3tm3dOtpucq2t2:J56Iyg5Ux4cVjiq3tcdsz2

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Targets

    • Target

      1dfe4fa3a0c76f75012065ecf9d5ee298a27d6125cddcc003437385e8b79c86e

    • Size

      5.1MB

    • MD5

      3fc3f8614cb6ee294f9dec735ca481aa

    • SHA1

      904fc7054f1b124abb6bbce188d41860efaa7304

    • SHA256

      1dfe4fa3a0c76f75012065ecf9d5ee298a27d6125cddcc003437385e8b79c86e

    • SHA512

      fcee9601905551959080494a94332c56a1b24a8d6339345b6b5bacfda2dde7948500a86a4b89d81d67a137d9bb754b2f25620519bf5837cf4cac91127d0dd419

    • SSDEEP

      98304:mgV569moze9t0isY5+rNx4LwVmgeDMx3hnT7Ma3tm3dOtpucq2t2:J56Iyg5Ux4cVjiq3tcdsz2

    Score
    10/10
    socks5systemzbotnetdiscovery

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

      botnetsocks5systemz

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks