Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6

  • Size

    4.7MB

  • Sample

    240613-2yxt2atgrc

  • MD5

    a3000003d3f94b0583fb05be70d7562d

  • SHA1

    a3a92ed9f3d07caa92dbca111019ee1d863ea913

  • SHA256

    5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6

  • SHA512

    e61212dcde13d03ef1f663ab5b7d014bebaf1c206a45e0b070aded932c5003a06fe0a4c26991310cecae81c9a376b952fe80f1027dc79c592f25bd5ebe41e9f2

  • SSDEEP

    98304:mUAkeJc7/v40QM64cws/F8KkMcwo0Ro022BY+Kxx6nS0sL7vAlZJKjx:sRu/+N4cwsttk30J22BHK6nS0CAlZcjx

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Extracted

Family

socks5systemz

C2

bbqpgch.com

http://bbqpgch.com/search/?q=67e28dd86a5ef62a130aa5197c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfe18c6e99d

dlofbme.info

http://dlofbme.info/search/?q=67e28dd86809f27b415ba51b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1de8889b5e4fa9281ae978a771ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e6939c3f

http://dlofbme.info/search/?q=67e28dd86809f27b415ba51b7c27d78406abdd88be4b12eab517aa5c96bd86ec93854f845a8bbc896c58e713bc90c94836b5281fc235a925ed3e04d6bd974a95129070b616e96cc92be510b866db52bee348ee4c2b14a82966836f23d7f210c7ee9d993ac4699012

Targets

    • Target

      5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6

    • Size

      4.7MB

    • MD5

      a3000003d3f94b0583fb05be70d7562d

    • SHA1

      a3a92ed9f3d07caa92dbca111019ee1d863ea913

    • SHA256

      5af279a3801d8f448ae2888ea1cdecf81142cd89b5bb59a3b9107eb518b3d9a6

    • SHA512

      e61212dcde13d03ef1f663ab5b7d014bebaf1c206a45e0b070aded932c5003a06fe0a4c26991310cecae81c9a376b952fe80f1027dc79c592f25bd5ebe41e9f2

    • SSDEEP

      98304:mUAkeJc7/v40QM64cws/F8KkMcwo0Ro022BY+Kxx6nS0sL7vAlZJKjx:sRu/+N4cwsttk30J22BHK6nS0CAlZcjx

    Score
    10/10
    socks5systemzbotnetdiscovery

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

      botnetsocks5systemz

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks