socks5systemz | 98affc593deaedca152f0dd9d74b820b8f99a4d5da2a4e047c6325ebbd4a5678 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

98affc593deaedca152f0dd9d74b820b8f99a4d5da2a4e047c6325ebbd4a5678
Size

5.2MB
Sample

240523-be22jaga47
MD5

b3259f98d5cd88cb8a434b71c0d81e25
SHA1

edd584cd00a3320b42da5570a64b4ba3d6ecf5b1
SHA256

98affc593deaedca152f0dd9d74b820b8f99a4d5da2a4e047c6325ebbd4a5678
SHA512

2c69edac4d256cd44aeb6b7e0a166920c2505cc399022d64b77f2a1d0d0419c4a9a29bdf05e254243e1f8e647e1175b0b41172ee4464a578d14d1346fce97a88
SSDEEP

98304:m+lz20U/vYRG2w/IfCiUtpclU9jxJ8hdzvOOOwZsCnSgc4lF:TJUXYLw/3id6bJ6DXSgc43

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

98affc593deaedca152f0dd9d74b820b8f99a4d5da2a4e047c6325ebbd4a5678.exe

Resource

win10v2004-20240426-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

98affc593deaedca152f0dd9d74b820b8f99a4d5da2a4e047c6325ebbd4a5678.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  98affc593deaedca152f0dd9d74b820b8f99a4d5da2a4e047c6325ebbd4a5678
- Size
  
  5.2MB
- MD5
  
  b3259f98d5cd88cb8a434b71c0d81e25
- SHA1
  
  edd584cd00a3320b42da5570a64b4ba3d6ecf5b1
- SHA256
  
  98affc593deaedca152f0dd9d74b820b8f99a4d5da2a4e047c6325ebbd4a5678
- SHA512
  
  2c69edac4d256cd44aeb6b7e0a166920c2505cc399022d64b77f2a1d0d0419c4a9a29bdf05e254243e1f8e647e1175b0b41172ee4464a578d14d1346fce97a88
- SSDEEP
  
  98304:m+lz20U/vYRG2w/IfCiUtpclU9jxJ8hdzvOOOwZsCnSgc4lF:TJUXYLw/3id6bJ6DXSgc43
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy