General

  • Target

    74aefbbc00205160efee63061675ee5d26bf7df0d648cbd7ed67fc792c36f6a5

  • Size

    4.5MB

  • Sample

    240810-2z5w2asfmp

  • MD5

    736f88af8227596dd1f4ef11e8e4cfdd

  • SHA1

    93e2777b194f337cbe087e0afabfa40332ce408e

  • SHA256

    74aefbbc00205160efee63061675ee5d26bf7df0d648cbd7ed67fc792c36f6a5

  • SHA512

    1bfc55f5298d32418a9b6290cb9990efb07b35c32e204872c7d3f9807728d6dcd0a8bb046526c4d69673e2a795e76d2e734aace4e226c2896b4a8f7f3e683b7e

  • SSDEEP

    98304:N+EHLzC/YF25r6Snjw11s497EwMBow6I/VfV2WfNXgWq1b+dRiVdJ:RHLm/Q0G/KwUow6e39gWq9+ID

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks