General

  • Target

    a48b69a5b907d1dfac84e0c54d9a3b1463dd42474b91489aa0ac1ce8eb2ec169

  • Size

    5.1MB

  • Sample

    240711-2kf95axdrn

  • MD5

    fd40c4bc24248b455237e1d8459e1f5a

  • SHA1

    5d843b0bbe64e0056f649dd945e9526d851c5c21

  • SHA256

    a48b69a5b907d1dfac84e0c54d9a3b1463dd42474b91489aa0ac1ce8eb2ec169

  • SHA512

    64c88cc7e15f03f5dc6af01eef93526b84af095ef250cad9d9136e5b265fa1faf9ad106d2186635c3947ee9dc059c9015722956e7bcee7faa4428fa4c1496b40

  • SSDEEP

    98304:CXl6d6m2mTF3yZmLv+G1Epd0278Gs4iPPRj/6vS99cW7tEkXT6jQxn:I8Aeg5GOD782iP5RfV1XeQV
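The hash block above can be checked mechanically before anyone spends time on the sample. The following Python script is an added example, not part of the sandbox's report or tooling: it parses the bullet/value layout used on this page, checks the fields for internal consistency (hex lengths, Target equal to SHA256, an ssdeep block size that is plausible for a 5.1MB file), and compares a local sample's digests with the report. The size unit is assumed to be binary megabytes (the page does not say), and the byte strings used as stand-in samples are constructed test data, since the real binary is not on this page.

```python
"""Sanity-check a sandbox report's hash block and verify a sample against it.

Added example for this page, not the sandbox's own code.  REPORT_TEXT is a
copy of the page's hash block; the stand-in samples are constructed bytes.
"""
import hashlib
import re

REPORT_TEXT = """
• Target
    a48b69a5b907d1dfac84e0c54d9a3b1463dd42474b91489aa0ac1ce8eb2ec169
• Size
    5.1MB
• MD5
    fd40c4bc24248b455237e1d8459e1f5a
• SHA1
    5d843b0bbe64e0056f649dd945e9526d851c5c21
• SHA256
    a48b69a5b907d1dfac84e0c54d9a3b1463dd42474b91489aa0ac1ce8eb2ec169
• SHA512
    64c88cc7e15f03f5dc6af01eef93526b84af095ef250cad9d9136e5b265fa1faf9ad106d2186635c3947ee9dc059c9015722956e7bcee7faa4428fa4c1496b40
• SSDEEP
    98304:CXl6d6m2mTF3yZmLv+G1Epd0278Gs4iPPRj/6vS99cW7tEkXT6jQxn:I8Aeg5GOD782iP5RfV1XeQV
"""

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def parse_report(text):
    """Turn the '• Field' / value layout into a dict keyed by lowercase field name."""
    fields, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            key = line[1:].strip().lower()
        elif key:
            fields[key] = line
            key = None
    return fields


def parse_size(size_text):
    """'5.1MB' -> approximate byte count.  Binary units are an assumption here."""
    m = re.fullmatch(r"([\d.]+)\s*(B|KB|MB|GB)", size_text.strip(), re.I)
    if not m:
        raise ValueError(f"unrecognised size: {size_text!r}")
    scale = {"B": 1, "KB": 1024, "MB": 1024 ** 2, "GB": 1024 ** 3}[m.group(2).upper()]
    return int(float(m.group(1)) * scale)


def ssdeep_expected_blocksize(size_bytes):
    """ssdeep starts from the smallest 3*2^n with blocksize*64 >= file size and may
    halve it once if the first signature is too short, so the reported block size
    must be <= this value and of the form 3*2^n."""
    bs = 3
    while bs * 64 < size_bytes:
        bs *= 2
    return bs


def check_report(fields):
    """Internal consistency checks; returns a list of problems (empty means OK)."""
    problems = []
    for name, n in HEX_LENGTHS.items():
        v = fields.get(name, "")
        if not re.fullmatch(rf"[0-9a-f]{{{n}}}", v):
            problems.append(f"{name}: expected {n} lowercase hex chars, got {v!r}")
    if fields.get("target") != fields.get("sha256"):
        problems.append("target id does not match sha256")
    ss = fields.get("ssdeep", "")
    m = re.fullmatch(r"(\d+):([^:]+):([^:]+)", ss)
    if not m:
        problems.append(f"ssdeep: malformed {ss!r}")
    else:
        bs = int(m.group(1))
        expect = ssdeep_expected_blocksize(parse_size(fields["size"]))
        power = bs // 3
        if bs > expect or bs % 3 or power & (power - 1):
            problems.append(f"ssdeep: block size {bs} implausible for {fields['size']} (max {expect})")
    return problems


def compute_hashes(data):
    """The same four digests the report lists, for a bytes object."""
    return {name: getattr(hashlib, name)(data).hexdigest() for name in HEX_LENGTHS}


def verify_sample(data, fields):
    """Map of report field -> (reported, actual) for every digest that disagrees."""
    actual = compute_hashes(data)
    return {k: (fields.get(k), actual[k]) for k in HEX_LENGTHS if fields.get(k) != actual[k]}


if __name__ == "__main__":
    f = parse_report(REPORT_TEXT)
    print("report problems:", check_report(f) or "none")
    # Constructed stand-in; substitute open(path, "rb").read() for a real file.
    print("mismatches vs stand-in:", sorted(verify_sample(b"not the real sample", f)))
```

For a real sample, feed `open(path, "rb").read()` to `verify_sample`; an empty result means every digest on the page matches the file on disk, which is the check to run before trusting any of the behavioural findings below to the binary in hand.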

Malware Config

Targets

    • Target

      a48b69a5b907d1dfac84e0c54d9a3b1463dd42474b91489aa0ac1ce8eb2ec169


    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are enrolled as SOCKS5 proxies in a proxy service run by the operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was sent to a server other than the system's configured DNS resolvers. This is typical of samples that use a hardcoded public resolver to sidestep the local DNS infrastructure, or that tunnel non-DNS traffic over port 53; inspect the payload to tell the two apart.

    • Checks installed software on the system

      Enumerates the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node and HKCU equivalents) to list the software installed on the system, a common way to fingerprint the host or to spot security products and analysis tools.
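The two behavioural signatures above can be reproduced as detection logic over sandbox telemetry. The following Python is an added example, not the sandbox's own signature code. The event records, their field names (target_object, dst_ip, dst_port, payload), the resolver address 10.0.0.2 and the destination addresses are all constructed for this example; the minimal DNS-query parser is there so that port-53 traffic to an unexpected server can be split into "real DNS query sent to an external resolver" and "non-DNS bytes on port 53", which call for different follow-up.

```python
"""Flag the two behaviours the report lists, from constructed sandbox events.

Added example, not the sandbox's signature code.  Registry records resemble a
sandbox API trace (e.g. RegEnumKeyExW calls); Sysmon alone would not do, since
it logs key creation and value writes but not reads.  Flow records are
constructed; 203.0.113.0/24 is the TEST-NET-3 documentation range.
"""
import ipaddress

# Paths that reveal installed software: HKLM/HKCU, native and 32-bit (WOW6432Node) views.
UNINSTALL_KEY_MARKERS = (
    r"\software\microsoft\windows\currentversion\uninstall",
    r"\software\wow6432node\microsoft\windows\currentversion\uninstall",
)


def is_uninstall_key_access(target_object):
    """True if a registry path is under one of the Uninstall keys."""
    path = target_object.lower().replace("/", "\\")
    return any(marker in path for marker in UNINSTALL_KEY_MARKERS)


def looks_like_dns_query(payload):
    """Minimal structural check: 12-byte header with QR=0, one question, parseable QNAME."""
    if len(payload) < 17:
        return False
    flags = int.from_bytes(payload[2:4], "big")
    qdcount = int.from_bytes(payload[4:6], "big")
    if flags & 0x8000 or qdcount != 1:
        return False
    pos, labels = 12, []
    while pos < len(payload):
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(payload):  # no compression pointers in a query name
            return False
        labels.append(payload[pos:pos + n].decode("ascii", "replace"))
        pos += n
    else:
        return False  # ran off the end before the terminating zero label
    return bool(labels) and pos + 4 <= len(payload)  # QTYPE + QCLASS must follow


def unexpected_dns_destinations(flows, configured_resolvers):
    """(flow, kind) for every port-53 flow whose destination is not a configured resolver."""
    allowed = {ipaddress.ip_address(r) for r in configured_resolvers}
    hits = []
    for flow in flows:
        if flow["dst_port"] != 53 or ipaddress.ip_address(flow["dst_ip"]) in allowed:
            continue
        kind = "dns_query_to_external_resolver" if looks_like_dns_query(flow["payload"]) \
            else "non_dns_on_port_53"
        hits.append((flow, kind))
    return hits


def triage(registry_events, flows, resolvers):
    """Signature names triggered, in the order the report lists them."""
    sigs = []
    if unexpected_dns_destinations(flows, resolvers):
        sigs.append("Unexpected DNS network traffic destination")
    if any(is_uninstall_key_access(e["target_object"]) for e in registry_events):
        sigs.append("Checks installed software on the system")
    return sigs


# --- constructed telemetry -------------------------------------------------
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # id, RD, qdcount=1
             b"\x07example\x03com\x00" b"\x00\x01\x00\x01")      # example.com A IN
CONFIGURED_RESOLVERS = ["10.0.0.2"]  # the sandbox VM's resolver (constructed)
FLOWS = [
    {"dst_ip": "10.0.0.2", "dst_port": 53, "proto": "udp", "payload": DNS_QUERY},
    {"dst_ip": "8.8.8.8", "dst_port": 53, "proto": "udp", "payload": DNS_QUERY},
    # 0x05 0x01 0x00 is a SOCKS5 client greeting, used here only as non-DNS bytes
    {"dst_ip": "203.0.113.10", "dst_port": 53, "proto": "tcp", "payload": b"\x05\x01\x00"},
    {"dst_ip": "203.0.113.10", "dst_port": 443, "proto": "tcp", "payload": b"\x16\x03\x01"},
]
REGISTRY_EVENTS = [
    {"api": "RegEnumKeyExW", "target_object":
        r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"api": "RegEnumKeyExW", "target_object":
        r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"api": "RegQueryValueExW", "target_object":
        r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Domain"},
]

if __name__ == "__main__":
    for flow, kind in unexpected_dns_destinations(FLOWS, CONFIGURED_RESOLVERS):
        print(f"{flow['dst_ip']}:{flow['dst_port']}/{flow['proto']} -> {kind}")
    print(triage(REGISTRY_EVENTS, FLOWS, CONFIGURED_RESOLVERS))
```

Splitting the port-53 hits matters in practice: a well-formed query to 8.8.8.8 is usually a hardcoded resolver and the domain in the question is the indicator to pivot on, whereas arbitrary bytes on port 53 point at tunnelling or a C2 channel that merely borrows the port.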

MITRE ATT&CK Enterprise v15

Tasks