socks5systemz | 629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c
Size

4.8MB
Sample

240531-sjkrgscg69
MD5

1e44c054f8c676e87c20cc2e60aa4d43
SHA1

712043656c1410aff0ceaa41dacf832fa7efd94e
SHA256

629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c
SHA512

768b5ed11447ab1d98af7858cdca515e51f204f5258271cc8fbf8ef1116c8c1b43f89d80cc1893d25078a4485f9dc59599e2c596d2d6277f2f74796b29b09ea8
SSDEEP

98304:mne2eIdS4KWwHF6gyhMrZV7yjduvPI4zyWxfGIwtyGUWO:Ke2eoKncf6rj7Ad0CWRnwQAO

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

C2

bvuebwm.com

ejagbua.ua

Targets

- Target
  
  629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c
- Size
  
  4.8MB
- MD5
  
  1e44c054f8c676e87c20cc2e60aa4d43
- SHA1
  
  712043656c1410aff0ceaa41dacf832fa7efd94e
- SHA256
  
  629a7daf82513bcf794aa8aca517bd3e1c6c3023212aebb09b565ea5e634016c
- SHA512
  
  768b5ed11447ab1d98af7858cdca515e51f204f5258271cc8fbf8ef1116c8c1b43f89d80cc1893d25078a4485f9dc59599e2c596d2d6277f2f74796b29b09ea8
- SSDEEP
  
  98304:mne2eIdS4KWwHF6gyhMrZV7yjduvPI4zyWxfGIwtyGUWO:Ke2eoKncf6rj7Ad0CWRnwQAO
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Socks5systemz family
  socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2025

Terms | Privacy