socks5systemz | 211c254f45f6fb09fe27227a46fe7f4cccfb3468362acc250fa2db0197d60886 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

575b492dde...KI.exe

windows7-x64

575b492dde...KI.exe

windows10-2004-x64

Sharing

General

Target

575b492dde6a22eb32d5bb2c146054a0_NEIKI
Size

4.0MB
Sample

240508-z3gmhaad22
MD5

575b492dde6a22eb32d5bb2c146054a0
SHA1

b508611429e8e63a87c6e47459ee72917a82a091
SHA256

211c254f45f6fb09fe27227a46fe7f4cccfb3468362acc250fa2db0197d60886
SHA512

140d8827182fa99d5545995003a09322e10da4a4f64616c231eb070fc982b0b64c99708492a2e25fa9cd172791d80e300aa2f986e3804728553badb633e694e6
SSDEEP

98304:AdL9xWLs1Esvx3VRy2XOwnqoQyVHXoblgL74+7e:AzwM5S2X9qM3oqLU+7e

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

575b492dde6a22eb32d5bb2c146054a0_NEIKI.exe

Resource

win7-20240508-en

socks5systemz botnet discovery

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

575b492dde6a22eb32d5bb2c146054a0_NEIKI.exe

Resource

win10v2004-20240226-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

C2

51.159.66.125

217.23.6.51

151.80.38.159

217.23.9.168

37.187.122.227

Attributes

rc4_key
heyfg645fdhwi

Targets

- Target
  
  575b492dde6a22eb32d5bb2c146054a0_NEIKI
- Size
  
  4.0MB
- MD5
  
  575b492dde6a22eb32d5bb2c146054a0
- SHA1
  
  b508611429e8e63a87c6e47459ee72917a82a091
- SHA256
  
  211c254f45f6fb09fe27227a46fe7f4cccfb3468362acc250fa2db0197d60886
- SHA512
  
  140d8827182fa99d5545995003a09322e10da4a4f64616c231eb070fc982b0b64c99708492a2e25fa9cd172791d80e300aa2f986e3804728553badb633e694e6
- SSDEEP
  
  98304:AdL9xWLs1Esvx3VRy2XOwnqoQyVHXoblgL74+7e:AzwM5S2X9qM3oqLU+7e
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2025

Terms | Privacy