General

  • Target

    2a64b62e8ed1c42a2487233e83d9966d.exe

  • Size

    3.6MB

  • Sample

    241225-j8hhzs1mfx

  • MD5

    2a64b62e8ed1c42a2487233e83d9966d

  • SHA1

    1f72177f8d8c7e5b79e89ea3409817944e8fddc2

  • SHA256

    644eeb4227d395ffd4de04707607098d39281999d7b99746e34a3bdbfc0bd47c

  • SHA512

    c358d9397138933154267f622d921483cf6c2350b3d40a075c9be101e5cbe36c85e41246cf1848f78206866f762139d39b346a4f44c1111edcb8db87a3ac4653

  • SSDEEP

    98304:NVf3lxAIJ2iWDUamdpZfoOSELSnpFfpsaLjIX4YISol8Crj:1GIJ1WIzpkBFfGaPSol8C/

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks