socks5systemz | da39481f71d40d59a79916553e7e97aeed58ed9962664ebe43018e0566004604 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

da39481f71d40d59a79916553e7e97aeed58ed9962664ebe43018e0566004604
Size

5.6MB
Sample

240527-2sxbbach6w
MD5

c9778793944e0328f2b896dac9f18bbf
SHA1

aa14e46d1e2b4e4df69db2c669692b089a1860bd
SHA256

da39481f71d40d59a79916553e7e97aeed58ed9962664ebe43018e0566004604
SHA512

d6c06f36d9ee2d28bcea6a8f57b8ced06f265ae201eca73f40b8d4e5964b031cfcca97c32427c768305686f032b885980d2f322ad1db7c4de228aaa61771fa0d
SSDEEP

98304:mSVBKLokfcT/KQUi9FGiIATa6hTA9gDVeuibZpcWWWTPakaR6kS7lEaaIf/cY:lOI/KQnz42TA9g0pcKwR6ksEEcY

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

da39481f71d40d59a79916553e7e97aeed58ed9962664ebe43018e0566004604.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

da39481f71d40d59a79916553e7e97aeed58ed9962664ebe43018e0566004604.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  da39481f71d40d59a79916553e7e97aeed58ed9962664ebe43018e0566004604
- Size
  
  5.6MB
- MD5
  
  c9778793944e0328f2b896dac9f18bbf
- SHA1
  
  aa14e46d1e2b4e4df69db2c669692b089a1860bd
- SHA256
  
  da39481f71d40d59a79916553e7e97aeed58ed9962664ebe43018e0566004604
- SHA512
  
  d6c06f36d9ee2d28bcea6a8f57b8ced06f265ae201eca73f40b8d4e5964b031cfcca97c32427c768305686f032b885980d2f322ad1db7c4de228aaa61771fa0d
- SSDEEP
  
  98304:mSVBKLokfcT/KQUi9FGiIATa6hTA9gDVeuibZpcWWWTPakaR6kS7lEaaIf/cY:lOI/KQnz42TA9g0pcKwR6ksEEcY
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy