General

  • Target

    0db4d2ffd4db8585df889774daf8a2233d28fe0bd4c1b07c8ab83655824e98ba

  • Size

    4.9MB

  • Sample

    240531-nl61aagd63

  • MD5

    c1bcd68e61a31b5db48304353cbf4e26

  • SHA1

    f57df69c4d3360e7e2b889b37f673f37157a5ef0

  • SHA256

    0db4d2ffd4db8585df889774daf8a2233d28fe0bd4c1b07c8ab83655824e98ba

  • SHA512

    d81059b50b21fb0a7fddc5bd5df11e44d65c6339cd9d0befd1f481ed1810981c38da47e677a69aae6095e66c90f0c412dc8a16f3887390d216565c8e83a6f0eb

  • SSDEEP

    98304:mceJHIkZuEHyJb5qSNREYYSp5hface0vEzIkbDCRrgdWih+/8ca:E5IhJbkSNeYYY5hxxEz1fGgdWr/C
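
The hashes above are the report's indicators for this sample. The following is an added example, not part of the report or of any sandbox tooling, showing how a practitioner would check a file on disk against them: the file is read once, all four digests are computed in the same pass, and a SHA256 or SHA512 match is treated as authoritative while an MD5- or SHA1-only match is flagged as weak, since collisions for those two are practical. The IOC values are copied from the report; the helper names are my own.

```python
import hashlib
import io

# Indicator hashes copied from the report above (SHA256 is the "Target" identifier).
REPORT_IOCS = {
    "md5": "c1bcd68e61a31b5db48304353cbf4e26",
    "sha1": "f57df69c4d3360e7e2b889b37f673f37157a5ef0",
    "sha256": "0db4d2ffd4db8585df889774daf8a2233d28fe0bd4c1b07c8ab83655824e98ba",
    "sha512": "d81059b50b21fb0a7fddc5bd5df11e44d65c6339cd9d0befd1f481ed1810981c"
              "38da47e677a69aae6095e66c90f0c412dc8a16f3887390d216565c8e83a6f0eb",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(stream, chunk_size=1 << 20):
    """Read a binary stream once and return its size plus all four hex digests."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    result = {name: h.hexdigest() for name, h in hashers.items()}
    result["size"] = size
    return result


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the checks below)."""
    return digest_stream(io.BytesIO(data))


def digest_file(path):
    with open(path, "rb") as f:
        return digest_stream(f)


def classify(digests, iocs=REPORT_IOCS):
    """Return (verdict, matched algorithms).

    SHA256/SHA512 matches identify the sample. MD5/SHA1 matches alone are only
    a lead: both functions have practical collision attacks, so a deliberately
    crafted file can share them with the sample without being it.
    """
    matched = {name for name in ALGORITHMS
               if name in iocs and digests[name] == iocs[name].lower()}
    if matched & {"sha256", "sha512"}:
        return "known-sample", matched
    if matched:
        return "weak-match", matched
    return "no-match", matched


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        verdict, matched = classify(digest_file(path))
        print(f"{path}: {verdict} ({', '.join(sorted(matched)) or 'none'})")
```

Run it as `python check_sample.py <file>`; the size field can additionally be compared with the 4.9MB in the report as a cheap sanity check before hashing a large tree of files. The SSDEEP value is not computed here because it needs the external ssdeep library, and it is a similarity score, not an identity check.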

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++: an infected host is turned into a SOCKS5 proxy for the operators' customers, so the value to the attacker is the victim's network position rather than data on the machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the resolvers configured on the analysis machine was detected. Malware does this to bypass local DNS filtering, logging or sinkholing, typically by hard-coding a public resolver.

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall and its HKCU and Wow6432Node variants, the data behind Add/Remove Programs) to enumerate the software installed on the system, commonly for fingerprinting the host or checking for security products.
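
The four behavioural signatures above (Executes dropped EXE, Loads dropped DLL, Unexpected DNS network traffic destination, Checks installed software on the system) are each a simple rule over sandbox telemetry. The following is an added example, not the sandbox's own rule engine, that implements all four over a constructed event stream: file writes are recorded, later process creation or image loads from a recorded path count as "dropped", registry queries are matched on the Uninstall key path, and DNS-port flows are compared with the configured resolver. The resolver address, paths, keys and IP addresses are constructed for the example and do not come from the report.

```python
from collections import defaultdict

# Assumed resolver handed out by the sandbox network (constructed, not from the report).
CONFIGURED_DNS = {"10.127.0.1"}
# Path fragment shared by the HKLM, HKCU and Wow6432Node variants of the Uninstall key.
UNINSTALL_MARKER = "\\currentversion\\uninstall\\"

# Constructed event stream standing in for sandbox telemetry. Every path, key and
# address here is made up for the example.
EVENTS = [
    {"ev": "file_write", "pid": 1200, "path": r"C:\Users\Admin\AppData\Local\Temp\dropper.exe"},
    {"ev": "process_create", "pid": 1200, "child_pid": 1300,
     "image": r"C:\Users\Admin\AppData\Local\Temp\DROPPER.EXE"},
    {"ev": "process_create", "pid": 1300, "child_pid": 1310, "image": r"C:\Windows\System32\cmd.exe"},
    {"ev": "file_write", "pid": 1300, "path": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"ev": "image_load", "pid": 1300, "image": r"C:\Users\Admin\AppData\Local\Temp\helper.dll"},
    {"ev": "image_load", "pid": 1300, "image": r"C:\Windows\System32\ws2_32.dll"},
    {"ev": "reg_query", "pid": 1300,
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"ev": "reg_query", "pid": 1300,
     "key": r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"ev": "reg_query", "pid": 1300, "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"},
    {"ev": "net_flow", "pid": 1300, "proto": "udp", "dst": "10.127.0.1", "dport": 53},
    {"ev": "net_flow", "pid": 1300, "proto": "udp", "dst": "203.0.113.7", "dport": 53},
    {"ev": "net_flow", "pid": 1300, "proto": "tcp", "dst": "198.51.100.9", "dport": 443},
]


def evaluate(events, configured_dns=CONFIGURED_DNS):
    """Replay the event stream and return {signature name: [evidence, ...]}."""
    dropped = set()             # lower-cased paths written during the analysis
    hits = defaultdict(list)
    for e in events:
        kind = e["ev"]
        if kind == "file_write":
            dropped.add(e["path"].lower())
        elif kind == "process_create" and e["image"].lower() in dropped:
            # A file the sample wrote is now running: the classic dropper pattern.
            hits["Executes dropped EXE"].append(e["image"])
        elif kind == "image_load" and e["image"].lower() in dropped:
            hits["Loads dropped DLL"].append(e["image"])
        elif kind == "reg_query" and UNINSTALL_MARKER in e["key"].lower():
            hits["Checks installed software on the system"].append(e["key"])
        elif kind == "net_flow" and e["dport"] == 53 and e["dst"] not in configured_dns:
            # Port 53 to anything but the configured resolver, over UDP or TCP.
            hits["Unexpected DNS network traffic destination"].append(f"{e['proto']}/{e['dst']}:53")
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

Two caveats the rules make visible: path comparison is case-insensitive because Windows file names are, and the DNS rule keys only on the destination port, so it catches DNS over TCP to a rogue resolver but is blind to DNS over HTTPS on 443, which would need inspection of the TLS SNI or the resolver's IP reputation instead.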

MITRE ATT&CK Enterprise v15

Tasks