General

  • Target

    38bd0e9753393119b1ff5feaf10c43aebf6c97e91dc3b118402220dd9cf91d94

  • Size

    3.4MB

  • Sample

    241124-zgw53avjhq

  • MD5

    263d9c03423a1d91465d6de1589ea964

  • SHA1

    99a919a959740e52636ded47b3e70b7df90a32ca

  • SHA256

    38bd0e9753393119b1ff5feaf10c43aebf6c97e91dc3b118402220dd9cf91d94

  • SHA512

    c1bcafc69fc5b298b94d1dfad6e66d7c21fbcb82a0134a9bcba461b83dbfe85f0d87e29bf53e61d55361a7ef15ae58c5889e90aa1cccfe14ffe196d3002b0e94

  • SSDEEP

    98304:NGtp4G1Gdkfa0OjEBggsDW8CODmMwVfaloNprQd8XoJV:st2cfxOEBTZ8COCMwVfMUnXon

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.