Resubmissions

24/06/2024, 12:38  240624-pt9xkssdkh  10
24/06/2024, 12:27  240624-pmqv5asaqa  10
24/06/2024, 12:25  240624-pl5b5avhmk  1
24/06/2024, 12:08  240624-pbaprsvdlr  8

General

  • Target: right-arrow.svg
  • Size: 942B
  • Sample: 240624-pt9xkssdkh
  • MD5: 082515300dff3450faa8780515be7d49
  • SHA1: 5c26504a54ba6d7c9dd2b4eeb3c2b4232a4af9b1
  • SHA256: a95a3d988edb17d894e845c6b4055e59ed773bd2d7e10bdea43a9de3bb498100
  • SHA512: c35a439b2a0232336c821c6bb883936b71d92ef58b1698b605069577fa81bfb444a6b1c40084d6b6585ca4f961b5e3a5bb5fa8c39988dd17a53ebbcef326abc6

Malware Config

Extracted

Family: socks5systemz

C2:

youtube.com

buyxlzz.com

http://buyxlzz.com/search/?q=67e28dd83d0ea428165baf167c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a371ea771795af8e05c443db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff613c3ed9c933d

http://buyxlzz.com/search/?q=67e28dd83d0ea428165baf167c27d78406abdd88be4b12eab517aa5c96bd86ea92834496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4664383ba915d911ec079b006a0708727e40ea678c751bbe34efb0e2807e12571c17f3e83fe16c1e6979939c46690
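The extracted C2 list mixes a high-traffic domain (youtube.com) with the actual check-in host and two full check-in URLs, and the report's own signatures show the run downloading and executing a PE, so the list should not be pasted straight into a block list. The following is an added example, not code from the report or from the Socks5Systemz family: it copies the four entries above, splits URLs into host, path and `q` parameter, sends well-known domains to analyst review instead of blocking them, and measures the prefix the two hex `q` values share, which is a more stable anchor for a URL signature than either full query string. `REVIEW_DOMAINS`, the block/review split and the function names are this example's own assumptions.

```python
"""Normalise the C2 entries from the report's "Malware Config" section.

Added example; not code from the sandbox report or from Socks5Systemz.
C2_ENTRIES is copied from the report; REVIEW_DOMAINS and the
block/review rule are assumptions made for this example.
"""
from urllib.parse import parse_qs, urlsplit

# Copied verbatim from the report's extracted config.
C2_ENTRIES = [
    "youtube.com",
    "buyxlzz.com",
    "http://buyxlzz.com/search/?q=67e28dd83d0ea428165baf167c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a371ea771795af8e05c443db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff613c3ed9c933d",
    "http://buyxlzz.com/search/?q=67e28dd83d0ea428165baf167c27d78406abdd88be4b12eab517aa5c96bd86ea92834496148ab2865b77f80ebad9c40f7cb63037ed2ab423a4664383ba915d911ec079b006a0708727e40ea678c751bbe34efb0e2807e12571c17f3e83fe16c1e6979939c46690",
]

# Assumption: domains that must never be blocked on the strength of a sandbox
# config alone; bots often contact them only as a reachability check.
REVIEW_DOMAINS = {"youtube.com", "google.com", "microsoft.com"}

HEX_DIGITS = set("0123456789abcdefABCDEF")


def is_hex(s: str) -> bool:
    """True if s is non-empty and consists only of hex digits."""
    return bool(s) and all(c in HEX_DIGITS for c in s)


def classify(entry: str) -> dict:
    """Turn one config entry into a structured IOC with a recommended action."""
    if "://" in entry:
        parts = urlsplit(entry)
        q = parse_qs(parts.query).get("q", [""])[0]
        ioc = {"kind": "url", "host": parts.hostname, "path": parts.path,
               "q": q, "q_is_hex": is_hex(q)}
    else:
        ioc = {"kind": "domain", "host": entry, "path": None,
               "q": "", "q_is_hex": False}
    ioc["action"] = "review" if ioc["host"] in REVIEW_DOMAINS else "block"
    return ioc


def build_iocs(entries=C2_ENTRIES) -> list:
    return [classify(e) for e in entries]


def blocklist(entries=C2_ENTRIES) -> list:
    """Distinct hosts that can go on a block list without further review."""
    return sorted({i["host"] for i in build_iocs(entries) if i["action"] == "block"})


def common_hex_prefix(entries=C2_ENTRIES) -> str:
    """Longest prefix shared by the hex q parameters of all URL entries."""
    qs = [i["q"] for i in build_iocs(entries) if i["q_is_hex"]]
    if not qs:
        return ""
    prefix = qs[0]
    for q in qs[1:]:
        n = 0
        while n < min(len(prefix), len(q)) and prefix[n] == q[n]:
            n += 1
        prefix = prefix[:n]
    return prefix


if __name__ == "__main__":
    for ioc in build_iocs():
        print(ioc["action"], ioc["kind"], ioc["host"], ioc["path"] or "")
    print("block:", blocklist())
    print("shared q prefix:", common_hex_prefix())
```

Only buyxlzz.com ends up on the block list; youtube.com is surfaced for review. The two `q` values agree on a long leading run and then differ in scattered positions, so a network signature should match on host, path and that shared prefix rather than on a complete URL taken from one run.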

Targets

    • Target: right-arrow.svg (942B; MD5, SHA1, SHA256 and SHA512 as listed under General)

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell with the display window hidden.

    • Downloads MZ/PE file

    • Checks BIOS information in registry

      BIOS information is often read to detect sandbox environments.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Enumerates installed software by reading Uninstall key entries in the registry.

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
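The "Unexpected DNS network traffic destination" signature above is easy to reproduce on your own network telemetry: anything on the DNS port whose destination is not one of the resolvers the host was given. The following is an added example, not code from the report or from the sandbox: it parses constructed flow records in a Zeek conn.log-like shape, flags port-53 flows to non-configured resolvers over UDP or TCP, and aggregates hits per source/destination pair. The resolver addresses, the sample records and the function names are assumptions made for this example.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example, not code from the sandbox report. The resolver set and the
flow records are constructed for illustration; the record shape loosely
follows a Zeek conn.log (ts, id.orig_h, id.resp_h, id.resp_p, proto).
"""
from collections import Counter, namedtuple

Flow = namedtuple("Flow", "ts src dst dport proto")

# Assumption: resolvers handed to clients by DHCP on this network.
CONFIGURED_DNS = {"10.0.0.53", "10.0.0.54"}

# Constructed sample records (RFC 5737 documentation addresses for outside
# hosts). Two port-53 flows go to a resolver the host was not configured
# to use, one of them over TCP; the 443 flow is not DNS and must not match.
SAMPLE_LOG = """\
1719232680.1 10.0.0.21 10.0.0.53 53 udp
1719232680.4 10.0.0.21 203.0.113.5 53 udp
1719232681.0 10.0.0.21 198.51.100.7 443 tcp
1719232682.7 10.0.0.21 203.0.113.5 53 tcp
1719232683.2 10.0.0.21 10.0.0.54 53 udp
1719232684.0 10.0.0.22 10.0.0.53 53 udp
"""


def parse_flows(text: str) -> list:
    """Parse whitespace-separated flow records, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append(Flow(float(ts), src, dst, int(dport), proto))
    return flows


def unexpected_dns(flows, resolvers=CONFIGURED_DNS, dns_ports=(53,)) -> list:
    """Flows on a DNS port whose destination is not a configured resolver."""
    return [f for f in flows if f.dport in dns_ports and f.dst not in resolvers]


def offenders(flows, resolvers=CONFIGURED_DNS) -> dict:
    """Count unexpected-DNS flows per (source, destination) pair so a single
    chatty host is reported once with a count rather than once per packet."""
    return dict(Counter((f.src, f.dst) for f in unexpected_dns(flows, resolvers)))


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_LOG)
    for (src, dst), n in offenders(flows).items():
        print(f"{src} -> {dst}: {n} DNS-port flow(s) to a non-configured resolver")
```

The resolver set has to come from what the monitored segment actually hands out (DHCP options or the adapter configuration), or every host on a differently configured subnet becomes a false positive. The check also only sees plaintext DNS on port 53; resolution tunnelled over DoH (443) or DoT (853) needs a separate detection.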

MITRE ATT&CK Enterprise v15

Tasks