General

  • Target

    90d8227917bc5f4b42cc4e784cae7ae53bcf8c4a473759473faa9c64a6d533a1

  • Size

    6.5MB

  • Sample

    240607-aq3a1afd86

  • MD5

    524d9ffa14eb526c17c04d5cdb7af7e6

  • SHA1

    00cf55be9e355c178f73de0ed11223c47fc27b28

  • SHA256

    90d8227917bc5f4b42cc4e784cae7ae53bcf8c4a473759473faa9c64a6d533a1

  • SHA512

    e89d05ed3a973a19cbfc5df0848b0a9ca1a852d27f5ada68b1c3712f3d0731612b47f40a5d246c53fe12568899b95d5f2ffdc58773d51880901b77a0c27295f9

  • SSDEEP

    196608:CRvoTlTxf+RF6B/PsW21SUkjnceIh4t6iWChmf:CN2lT6F6/PsW84cRCtvWn
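Before doing anything with a copy of this sample, confirm it is the file the report describes. The script below is an added example, not part of the sandbox report: it reads the file once, computes MD5, SHA-1, SHA-256 and SHA-512 in parallel from the same chunks, and returns every digest that disagrees with the values listed above (SSDEEP is left out because it is not in the Python standard library). The self-check function writes a constructed file of its own and does not need the real sample.

```python
"""Verify that a downloaded sample matches the hashes in the report.

Added example (not the sandbox's code): streams the file once, computes
several digests from the same chunks and reports mismatches, so a truncated
or substituted download is caught before analysis starts.
"""
import hashlib
import os
import sys
import tempfile

# Digests exactly as listed in the report's General section.
REPORTED = {
    "md5": "524d9ffa14eb526c17c04d5cdb7af7e6",
    "sha1": "00cf55be9e355c178f73de0ed11223c47fc27b28",
    "sha256": "90d8227917bc5f4b42cc4e784cae7ae53bcf8c4a473759473faa9c64a6d533a1",
    "sha512": "e89d05ed3a973a19cbfc5df0848b0a9ca1a852d27f5ada68b1c3712f3d0731612b47f40a5d246c53fe12568899b95d5f2ffdc58773d51880901b77a0c27295f9",
}


def digest_file(path, algorithms=("md5", "sha1", "sha256", "sha512"), chunk=1 << 20):
    """Return {algorithm: hexdigest}, reading the file once in `chunk`-byte blocks."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected=REPORTED):
    """Compare the file's digests with `expected`.

    Returns a list of (algorithm, expected, actual) tuples, one per mismatch.
    An empty list means every listed digest matched.
    """
    actual = digest_file(path, algorithms=tuple(expected))
    return [(algo, exp.lower(), actual[algo])
            for algo, exp in expected.items() if actual[algo] != exp.lower()]


def demo_check():
    """Self-check on a constructed file (not the real sample).

    Returns (mismatches against correct expectations, mismatches against a
    deliberately wrong SHA-256). The constructed content is slightly larger
    than one chunk so the multi-chunk path is exercised.
    """
    data = b"MZ" + bytes(range(256)) * 4096          # constructed, ~1 MiB + 2 bytes
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(data)
        path = tmp.name
    try:
        good = {a: hashlib.new(a, data).hexdigest() for a in REPORTED}
        tampered = dict(good, sha256="00" * 32)
        return verify_sample(path, good), verify_sample(path, tampered)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <file>")
    problems = verify_sample(sys.argv[1])
    for algo, exp, got in problems:
        print(f"{algo}: expected {exp}, got {got}")
    sys.exit(1 if problems else 0)
```

A non-zero exit on mismatch makes this usable as a gate in a fetch script; the report's size of 6.5MB is only approximate, so it is deliberately not checked here.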

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: an infected host is turned into a SOCKS5 proxy node that relays traffic for the operators' customers.

    • Executes dropped EXE

      Starts a process from an executable that was written to disk during the run rather than from a file present before it.

    • Loads dropped DLL

      Loads a library that was written to disk during the run into a running process.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the resolvers configured on the analysis machine was detected: the sample resolves names through a resolver of its own choosing instead of the system one, which sidesteps DNS logging and filtering on the configured resolver.

    • Checks installed software on the system

      Queries entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its Wow6432Node and HKCU counterparts) to enumerate the software installed on the system, typically to fingerprint the host or to spot security products and analysis tools.
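The four behavioural signatures above can be re-derived from a process trace with a few ordered checks. The evaluator below is an added example, not the sandbox's own rule engine: the events, the configured resolver address 10.0.2.3 and the file paths are constructed for illustration and are not taken from this sample's run. Each check mirrors one signature: an executable or DLL counts as "dropped" only if a file_write for that path precedes its use in the trace; a DNS-port connection fires only when the destination is not a configured resolver; and a registry query fires only when it touches the Uninstall key.

```python
"""Re-derive the report's behavioural signatures from a constructed event trace.

Added example, not the sandbox's rule engine. Events are processed in trace
order, so "dropped" means written earlier in the same run.
"""
from collections import defaultdict

# Resolver the analysis VM is assumed to be configured with (assumption).
CONFIGURED_RESOLVERS = {"10.0.2.3"}
UNINSTALL_KEY = r"\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed trace: a dropper (pid 1000) writes and starts a payload
# (pid 2000), which loads a dropped DLL, sends DNS to a foreign server and
# enumerates installed software. None of this is data from the real sample.
EVENTS = [
    {"type": "file_write", "pid": 1000, "path": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "process_create", "pid": 2000, "ppid": 1000,
     "image": r"C:\Users\user\AppData\Local\Temp\svc.exe"},
    {"type": "file_write", "pid": 2000, "path": r"C:\Users\user\AppData\Local\Temp\libnet.dll"},
    {"type": "image_load", "pid": 2000, "image": r"C:\Users\user\AppData\Local\Temp\libnet.dll"},
    {"type": "image_load", "pid": 2000, "image": r"C:\Windows\System32\ws2_32.dll"},
    {"type": "net_connect", "pid": 2000, "proto": "udp", "dst": "10.0.2.3", "dport": 53},
    {"type": "net_connect", "pid": 2000, "proto": "udp", "dst": "198.51.100.7", "dport": 53},
    {"type": "net_connect", "pid": 2000, "proto": "tcp", "dst": "198.51.100.7", "dport": 443},
    {"type": "reg_query", "pid": 2000,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Git_is1"},
    {"type": "reg_query", "pid": 2000,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
]


def evaluate(events, resolvers=CONFIGURED_RESOLVERS):
    """Return {signature name: [evidence, ...]} for every signature that fires."""
    hits = defaultdict(list)
    dropped = set()  # lower-cased paths written so far in the trace
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "process_create" and ev["image"].lower() in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif kind == "image_load" and ev["image"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev["image"])
        elif kind == "net_connect" and ev["dport"] == 53 and ev["dst"] not in resolvers:
            hits["Unexpected DNS network traffic destination"].append(ev["dst"])
        elif kind == "reg_query" and UNINSTALL_KEY.lower() in ev["key"].lower():
            hits["Checks installed software on the system"].append(ev["key"])
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(f"{name}:")
        for item in evidence:
            print(f"    {item}")
```

Because file_write events are only recorded as they are seen, a process started from a pre-existing binary, a load of a system DLL such as ws2_32.dll, a query to the configured resolver and a query to the Run key all correctly stay silent; feeding the evaluator a real trace only requires mapping the sandbox's event types onto the five used here.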

MITRE ATT&CK Enterprise v15

Tasks