General

  • Target

    b1d192ca08f886186bed8bf55f84e742e12a2d697e48f2bff0c5f1da05671432

  • Size

    5.7MB

  • Sample

    241113-j4f5csxmd1

  • MD5

    11ff50ce31be5296df3be97dcdf6b47c

  • SHA1

    d753cf32b8467f29364665af2d049ffbff533024

  • SHA256

    b1d192ca08f886186bed8bf55f84e742e12a2d697e48f2bff0c5f1da05671432

  • SHA512

    f50d693acc914182cf936fe83318e525504de5ab8e881195c65cf009fa79faefc29fbd6708d48e37bc8aa2ed565f6c74de207cc13e4a85aefbc4dfe367e576a2

  • SSDEEP

    98304:PX4HC9XtFsjh2VNEj6aZIB4DQR2J6q2+5OFOFdr1Ip/69FR+yazx11:vF9aONEXOO9JcOFdrG/oFR+yaR

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks