socks5systemz | 21db93d30bb9f1d9589a5b0da1b9bf2dd3be9f01ddcf3cc52df27324bb3dd82d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

21db93d30bb9f1d9589a5b0da1b9bf2dd3be9f01ddcf3cc52df27324bb3dd82d
Size

6.2MB
Sample

240606-b5wbnsea71
MD5

0048b71e4f1bf4c544777047c127bec6
SHA1

eb7fbaecb132d51b14b2987a21952120998253ec
SHA256

21db93d30bb9f1d9589a5b0da1b9bf2dd3be9f01ddcf3cc52df27324bb3dd82d
SHA512

6609aba1588eb50193448944be8006d0b86f3f48e8c59a68a8adc1b2d24683fa5cecc1d8e5fcd416b67805089d79a9d627302825b6e3e28c0c413f7bdc02826f
SSDEEP

196608:6GDmLfHjBAV+Biuw9qRBgv+31X1Lly1Vi/Yty86f2f5GVY:6GsHjB3Biu1BgQ1LM1Viwty86lW

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

21db93d30bb9f1d9589a5b0da1b9bf2dd3be9f01ddcf3cc52df27324bb3dd82d.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

21db93d30bb9f1d9589a5b0da1b9bf2dd3be9f01ddcf3cc52df27324bb3dd82d.exe

Resource

win11-20240426-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  21db93d30bb9f1d9589a5b0da1b9bf2dd3be9f01ddcf3cc52df27324bb3dd82d
- Size
  
  6.2MB
- MD5
  
  0048b71e4f1bf4c544777047c127bec6
- SHA1
  
  eb7fbaecb132d51b14b2987a21952120998253ec
- SHA256
  
  21db93d30bb9f1d9589a5b0da1b9bf2dd3be9f01ddcf3cc52df27324bb3dd82d
- SHA512
  
  6609aba1588eb50193448944be8006d0b86f3f48e8c59a68a8adc1b2d24683fa5cecc1d8e5fcd416b67805089d79a9d627302825b6e3e28c0c413f7bdc02826f
- SSDEEP
  
  196608:6GDmLfHjBAV+Biuw9qRBgv+31X1Lly1Vi/Yty86f2f5GVY:6GsHjB3Biu1BgQ1LM1Viwty86lW
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2025

Terms | Privacy