General

  • Target

    ffc40c13789292372ba1e3dbe57a8f98.bin

  • Size

    3.3MB

  • Sample

    240914-cbfjss1glg

  • MD5

    9ad3e3d42cd8bd451e16a362658fc74f

  • SHA1

    54bf373d20c11c6a9acd2c5a2aff2d29cdbe0f18

  • SHA256

    3b08c0bf59dee045ad9806283fc13bb12d81815b37494f5909303ce7ad212592

  • SHA512

    16ac6463e1c73b77499a6d1a9d9dccef2e100fdd8a9c731c95b09131e8169815bfd1fed55ad1456d839a87076cb852c2ba557dcaba4edfe62b2a6917ceb629c1

  • SSDEEP

    49152:2J88HshuPa0+9Jrul8wkN/16rxP5Fu/TZKOD10i4W+3VDpZGcwql8qoAI:2JpGuPsjrovauvu/VR0iEl9Zxl8UI

Malware Config

Targets

    • Target

      0c7aaf640120bd6ee174f9a5db14dd22c689815b3a0965bb951de5a52ca896d4.exe

    • Size

      3.3MB

    • MD5

      ffc40c13789292372ba1e3dbe57a8f98

    • SHA1

      8e9c1d8263fa1334a334a838e7da9babe9e73ab3

    • SHA256

      0c7aaf640120bd6ee174f9a5db14dd22c689815b3a0965bb951de5a52ca896d4

    • SHA512

      ec00fd4616c3936b638f4d8fe08975a5f3cf4f462c12f0d01c0472339a77dcffdbd9f2c4fbf77748bd8ddb6e43b3ca1b5b9bb4869619eb088f6263637e12d1eb

    • SSDEEP

      98304:MB4PgMBVUgk5vd/ztpg6M+pJTyOwgYwvg9Ozy:OMsJNJzwwYOpe9

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: infected hosts are turned into SOCKS5 proxy nodes that the operators rent out, so the payload's post-infection traffic is a mix of C2 check-ins and relayed third-party connections.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) was observed to servers other than the DNS resolvers configured on the sandbox host. Hard-coded resolvers or DNS-port traffic to non-resolver hosts is a common way for malware to sidestep local DNS monitoring, so the destinations are worth checking against the host's resolver list.

    • Checks installed software on the system

      Reads the per-application subkeys under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, plus the WOW6432Node and HKCU equivalents) to enumerate the software installed on the system, the same data "Programs and Features" is built from.
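The "Unexpected DNS network traffic destination" signature above reduces to one check: DNS-port flows whose destination is not one of the host's configured resolvers. The Python below is an added example of that check and is not part of the sandbox report or of the Socks5Systemz analysis. The connection records and the resolver addresses are constructed for the example (Zeek conn.log-style fields; RFC 5737 documentation addresses), not data from this sample.

```python
"""Flag DNS-port traffic that bypasses the configured resolvers.

Added example, not part of the sandbox report. The connection records and
resolver addresses below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address

# Assumed resolvers for this example; on a real host take them from the
# network adapter configuration (or from the sandbox's network profile).
CONFIGURED_RESOLVERS = frozenset({"10.0.0.53", "10.0.1.53"})
DNS_PORT = 53

# Constructed sample records (tab-separated): ts, orig_h, resp_h, resp_p, proto.
# Two flows go to the configured resolvers; two go to other hosts on port 53;
# one is ordinary HTTPS and must not be flagged.
SAMPLE_CONN_LOG = """\
1726300001.10\t10.0.5.21\t10.0.0.53\t53\tudp
1726300002.40\t10.0.5.21\t10.0.0.53\t53\tudp
1726300003.75\t10.0.5.21\t198.51.100.7\t53\tudp
1726300004.02\t10.0.5.21\t203.0.113.9\t443\ttcp
1726300005.19\t10.0.5.21\t203.0.113.9\t53\ttcp
1726300006.33\t10.0.5.21\t10.0.1.53\t53\tudp
"""


@dataclass(frozen=True)
class Conn:
    ts: float
    orig_h: str
    resp_h: str
    resp_p: int
    proto: str


def parse_conn_log(text: str) -> list[Conn]:
    """Parse the five-column TSV above into Conn records, skipping comments/blank lines."""
    conns = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, resp_h, resp_p, proto = line.split("\t")
        # Validate addresses so a malformed line fails loudly instead of slipping past the check.
        ip_address(orig_h)
        ip_address(resp_h)
        conns.append(Conn(float(ts), orig_h, resp_h, int(resp_p), proto))
    return conns


def unexpected_dns_destinations(conns: list[Conn],
                                resolvers: frozenset[str] = CONFIGURED_RESOLVERS
                                ) -> dict[str, list[Conn]]:
    """Return {destination: [flows]} for port-53 flows whose destination is not a configured resolver.

    Both UDP and TCP are considered: DNS falls back to TCP for large answers,
    and a non-DNS protocol parked on port 53 is exactly what this check is for.
    """
    hits: dict[str, list[Conn]] = {}
    for c in conns:
        if c.resp_p == DNS_PORT and c.resp_h not in resolvers:
            hits.setdefault(c.resp_h, []).append(c)
    return hits


def summarize(hits: dict[str, list[Conn]]) -> list[tuple[str, int, list[str]]]:
    """Collapse hits to (destination, flow count, protocols seen), sorted for stable output."""
    return sorted((dst, len(cs), sorted({c.proto for c in cs})) for dst, cs in hits.items())


if __name__ == "__main__":
    for dst, count, protos in summarize(unexpected_dns_destinations(parse_conn_log(SAMPLE_CONN_LOG))):
        print(f"unexpected DNS-port destination {dst}: {count} flow(s) over {','.join(protos)}")
```

The check deliberately keys on the port rather than on parsed DNS payloads, matching the signature's wording: a C2 channel that merely uses port 53 without speaking DNS would be missed by a DNS-protocol parser but is caught here, and the resolver allow-list is what separates it from legitimate lookups.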

MITRE ATT&CK Enterprise v15

Tasks