General

  • Target

    52e6402c5424dd78e23e8e50c61b267b3438e20a2af9745769292905d9a5f929

  • Size

    5.5MB

  • Sample

    241102-levmka1gmf

  • MD5

    4634986a760b0500ab6d6f2fcd747ddb

  • SHA1

    bb674371c6f1a6db7a644d1ac07fb199489dedcc

  • SHA256

    52e6402c5424dd78e23e8e50c61b267b3438e20a2af9745769292905d9a5f929

  • SHA512

    6f68c34eb0b6e6024827f5b7023d5455f892d9bab9ee5446a8637cb5f26b63522ee9a4571c28ef564eac03c3ed0d1ce1989fe190394406cb09c6d7369e3b4681

  • SSDEEP

    98304:CoCNn2faUENXT5qBWKnGe+r0eeHCZ7O7ZbKFvxfeEoxeQxO:un2falNk0KnGF0eeHCcsx2LQQQ

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks