General

  • Target

    44a6e14ac5c7d6165bc1e6eea995e0a1163b4f052639c3223520edec0e503b90.exe

  • Size

    3.5MB

  • Sample

    241203-em2mhsvmhl

  • MD5

    b0d104587897d6ca2c4d6a3416402c93

  • SHA1

    be9a3c61e38080e5c6e57c00c2c3216a98396a56

  • SHA256

    44a6e14ac5c7d6165bc1e6eea995e0a1163b4f052639c3223520edec0e503b90

  • SHA512

    4b5c2e70988be89ebab3475b39ba266f33f527a8cf9c9b7cee4c0228fa64140887391fd3b8221d7c7f22b3e103fc98e6bcb71f6584d0baf4f1754c8fafb40e63

  • SSDEEP

    98304:NrTEh1NSuHXcBr1f5eALyxAaUgZ0sXMK31X:lgdHXc3/LyVUgZ0LK3V

Malware Config

Targets

    • Target

      44a6e14ac5c7d6165bc1e6eea995e0a1163b4f052639c3223520edec0e503b90.exe

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks