Overview

overview

10

Static

static

3

fb73a481b5...81.exe

windows7-x64

10

fb73a481b5...81.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb73a481b553f79d9fb826a5d973bc84e3905e8cb7da0d34aea8f6c55ac8d381

  • Size

    4.6MB

  • Sample

    241113-ebfwnsypej

  • MD5

    e9cd92888955ec6ca951d1ecd9547247

  • SHA1

    4f7e56c3bcadbe17bd81b8fbd47a0dbe53d03308

  • SHA256

    fb73a481b553f79d9fb826a5d973bc84e3905e8cb7da0d34aea8f6c55ac8d381

  • SHA512

    4d04c1b527021a63503f46585e5358c39a9f8e81453c2586b6399712e5c09d01c93a7dc42f65cb669587d4730c30b4bc247cc760101f03aae6bc35c5d229773b

  • SSDEEP

    98304:48mgP/v+pYZF1O+oBWKLt0PG3ehUEtuf5UMv3+GcFKojWvix:28CEjOCpzgf563Zv

Score
10/10
socks5systemzbotnetdiscovery

Malware Config

Targets

    • Target

      fb73a481b553f79d9fb826a5d973bc84e3905e8cb7da0d34aea8f6c55ac8d381

    • Size

      4.6MB

    • MD5

      e9cd92888955ec6ca951d1ecd9547247

    • SHA1

      4f7e56c3bcadbe17bd81b8fbd47a0dbe53d03308

    • SHA256

      fb73a481b553f79d9fb826a5d973bc84e3905e8cb7da0d34aea8f6c55ac8d381

    • SHA512

      4d04c1b527021a63503f46585e5358c39a9f8e81453c2586b6399712e5c09d01c93a7dc42f65cb669587d4730c30b4bc247cc760101f03aae6bc35c5d229773b

    • SSDEEP

      98304:48mgP/v+pYZF1O+oBWKLt0PG3ehUEtuf5UMv3+GcFKojWvix:28CEjOCpzgf563Zv

    Score
    10/10
    socks5systemzbotnetdiscovery

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

      botnetsocks5systemz

    • Socks5systemz family

      socks5systemz

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks