General

  • Target

    d27bb38270ef89e710729a2c00e6f06f9d9a7a85f5278bdb909c440c735fd417

  • Size

    5.8MB

  • Sample

    241113-2wk3fstreq

  • MD5

    796ab80b09fbefdeb060289adfd5c7a7

  • SHA1

    15ddb91009a1bae970bf616df0a6eaecf7ffa37c

  • SHA256

    d27bb38270ef89e710729a2c00e6f06f9d9a7a85f5278bdb909c440c735fd417

  • SHA512

    b08566723c58d155ba18fe0df6bf392a977f74c37377bc297a8a8f2a47ef211f6ebd7552f176e5031537a9693c125a7c18e4d1208e67d18cc4e03b47ecd067f7

  • SSDEEP

    98304:PX4qk/3tfGAIvZ8XZZrTQIzA2+QdGJvN02pBPVUIt8Ug7Riyazx10g:vNauAiZ+rQolGJvm2pBP38Ucsyaf

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks