Resubmissions

21-01-2025 13:35

250121-qvptgawqbk 10

21-01-2025 11:58

250121-n5b91ssqem 10

21-01-2025 11:44

250121-nwlr4a1qhs 10

21-01-2025 11:07

250121-m7zbws1kfn 10

17-07-2024 20:08

240717-ywvp4swhjk 10

General

  • Target

    infected2024071401.zip

  • Size

    54.3MB

  • Sample

    250121-m7zbws1kfn

  • MD5

    1deae7b244bd725828d39c59ccb36f5b

  • SHA1

    af1298cefef18ddae3bc472b61828d4b8ee30594

  • SHA256

    c56c00ca3f42026f17affef76b3752f268d1498f862b3143985ca7c1d33feb39

  • SHA512

    15d37132af78f43b79da983fdd7db5a6716d9eded87568e1c1a24a8241f5e4e0f7de22b6c72a0640dd027ddc50f2f24fdb0ec5b8a2ed606588e2ce80aa873bbe

  • SSDEEP

    1572864:ZCPcetzLnPM24Z4Ienxa/x4AW+kTpM/vpnT:M3LnPHxACSkTpqvpnT

Malware Config

Targets

    • Target

      infected2024071401.zip

    • Size

      54.3MB

    (MD5, SHA1, SHA256, SHA512 and SSDEEP for this archive are listed once under General above.)

    Score
    3/10
    • Target

      1�L�iŚ.pyc

    • Size

      857B

    • MD5

      0d05ea9df13972dc4ded98244e029da4

    • SHA1

      439cc2f447bc7a5ea554279491664e0ba699333d

    • SHA256

      aa18b36e8260dbfaffe4191216319556ae73c8654f358315aba43e87a9193317

    • SHA512

      5217184928a86a04b8ce4f5380882ff49ac5aa4bdcbf70090abe8be479038806e5aabcf7fc2c65d35662c77c1776233c90f09a4ff3c41061f981f68db63b778f

    Score
    1/10
    • Target

      helper.bat

    • Size

      27KB

    • MD5

      8d987e2f2fef6f2bd726d392bac46c55

    • SHA1

      64ab8a696b52189d5fd809da924d1dc36e07d7c3

    • SHA256

      10e4a6b54cc0cf4d18dde8b69e0b305abe487e07ed990c5bff82ce30b217b910

    • SHA512

      a8c48da620cfc0b4ea55efba87a98625e4b1eaf4553006a259fc5915836afcdee413180d1dcfc40ab8830741257f5ab723d4536788b0d751a6ba8a28cbfcdf45

    • SSDEEP

      768:AZWM6xwaPdP30trmRblevg8heVbaEUdLQdy6VTRZE3mn:ZM6xzR30ZmRb4YI2TILQdy6VTRL

    Score
    8/10
    • Command and Scripting Interpreter: PowerShell

      Run Powershell and hide display window.

    • Target

      setup.exe

    • Size

      5.0MB

    • MD5

      d6dd2275a92bd37adb3a886255a431ef

    • SHA1

      a28933f79041f29a681cfb444fc7b8d63435c510

    • SHA256

      e51f3f998cd7c0783deb68c18c39b6ccf77f5dca0b611ddd23dcf09845ab8b31

    • SHA512

      1c303bf3dfc8ba54d02096615cdbf34752a312c2478f16c3fc38a8e75b2ab0619fb46e434b2b96aa89114873c3659db91fb9e0308fe47d91d0b9124e48814ded

    • SSDEEP

      98304:Cf6hoGwhlxoORmkoq6LoTxHVo81F728I/e6KMMj9BZCloOhyNnh+IDQxb:avpeAZILoTFT1s8n9TfhdDQB

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Socks5systemz family

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks

  Task           Tags                            Score
  static1        blankgrabber                    10/10
  behavioral1                                    1/10
  behavioral2                                    1/10
  behavioral3                                    1/10
  behavioral4                                    1/10
  behavioral5                                    1/10
  behavioral6    discovery                       3/10
  behavioral7    discovery                       3/10
  behavioral8    discovery                       3/10
  behavioral9    discovery                       3/10
  behavioral10                                   1/10
  behavioral11                                   1/10
  behavioral12                                   1/10
  behavioral13                                   1/10
  behavioral14                                   1/10
  behavioral15                                   1/10
  behavioral16                                   1/10
  behavioral17                                   1/10
  behavioral18                                   1/10
  behavioral19   execution                       8/10
  behavioral20   execution                       8/10
  behavioral21                                   1/10
  behavioral22                                   1/10
  behavioral23                                   1/10
  behavioral24                                   1/10
  behavioral25                                   1/10
  behavioral26                                   1/10
  behavioral27                                   1/10
  behavioral28   socks5systemzbotnetdiscovery    10/10
  behavioral29   socks5systemzbotnetdiscovery    10/10
  behavioral30                                   1/10
  behavioral31                                   1/10
  behavioral32                                   1/10