General

  • Target

    fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861

  • Size

    4.7MB

  • Sample

    240608-xgp1msef41

  • MD5

    f9cfd8f9afb7ee87e7ad049b7a92423f

  • SHA1

    cf336b758b82d17f8be83a5d93c7d5aebd0e4638

  • SHA256

    fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861

  • SHA512

    388ca19270ca8addf4e93d4ab9c3225cdefba6afaf0061d11030f09c57fc0372e5b1bb86f9d5cb902354a4d13d8afffec3e073ac6027fdc4ea6d15e2d8f9fcac

  • SSDEEP

    98304:mMX40drbC2Z+oMvtyIGM1ONsQNaMZE8Q0jEy0mKPrM/cqPFyvH66:5/Fn0FJzONfeNy9Y80x

Malware Config

Extracted

Family

socks5systemz

C2

aavqusd.ru

http://aavqusd.ru/search/?q=67e28dd83e5cfa2f440afa1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a471ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff819c7ed939f3b

http://aavqusd.ru/search/?q=67e28dd83e5cfa2f440afa1d7c27d78406abdd88be4b12eab517aa5c96bd86ef928248875a8bbc896c58e713bc90c91936b5281fc235a925ed3e07d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee92923ccf699316

buoihid.com

http://buoihid.com/search/?q=67e28dd83954f37e1207fe177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa45e8889b5e4fa9281ae978f671ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff819c7ed939e32

http://buoihid.com/search/?q=67e28dd83954f37e1207fe177c27d78406abdd88be4b12eab517aa5c96bd86eb90804b815a8bbc896c58e713bc90c91036b5281fc235a925ed3e55d6bd974a95129070b616e96cc92be510b866db51b9e34eed4c2b14a82966836f23d7f210c7ee92923ccf69921f
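The extracted config above is most useful once it is turned into something a responder can run. The following is an added example, not part of the tria.ge report: it takes the C2 domains and the file hashes exactly as listed, derives a check for the beacon shape the two URLs share (`/search/?q=<long lowercase hex>`), runs it over a constructed proxy log, and verifies a local file against the reported digests. The log format, the 64-character hex floor and all function names are assumptions made for the example.

```python
"""Reusable checks built from the IOCs in this Socks5Systemz report.

Added example. The hashes and C2 domains are copied from the report;
the log format, thresholds and function names are assumptions.
"""
import hashlib
import re
from typing import Dict, Iterable, List
from urllib.parse import parse_qs, urlsplit

# IOCs taken from the report above.
C2_DOMAINS = {"aavqusd.ru", "buoihid.com"}
REPORTED_HASHES = {
    "md5": "f9cfd8f9afb7ee87e7ad049b7a92423f",
    "sha1": "cf336b758b82d17f8be83a5d93c7d5aebd0e4638",
    "sha256": "fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861",
    "sha512": "388ca19270ca8addf4e93d4ab9c3225cdefba6afaf0061d11030f09c57fc0372"
              "e5b1bb86f9d5cb902354a4d13d8afffec3e073ac6027fdc4ea6d15e2d8f9fcac",
}

# Both extracted C2 URLs have the shape /search/?q=<long lowercase hex>.
# The 64-char floor is an assumption chosen to sit far above ordinary search
# queries; the URLs in the report carry 200+ hex characters each.
MIN_HEX_LEN = 64
HEX_RE = re.compile(r"^[0-9a-f]{%d,}$" % MIN_HEX_LEN)


def is_c2_beacon(url: str) -> bool:
    """True if `url` contacts a listed C2 host or matches the beacon shape."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in C2_DOMAINS:
        return True  # any contact with a listed C2 host is a hit
    if parts.path != "/search/":
        return False
    q_values = parse_qs(parts.query).get("q", [])
    return any(HEX_RE.match(v) for v in q_values)


def scan_proxy_log(lines: Iterable[str]) -> List[str]:
    """Return the log lines whose URL field looks like a Socks5Systemz beacon.

    Assumed format (constructed for this example): whitespace-separated
    fields with the requested URL as the last field.
    """
    hits = []
    for line in lines:
        fields = line.split()
        if fields and is_c2_beacon(fields[-1]):
            hits.append(line)
    return hits


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Compute the same digests the report lists, for comparison with it."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def matches_report(data: bytes) -> bool:
    """True only if every reported digest matches, so a single typo is caught."""
    return hash_bytes(data) == REPORTED_HASHES


# Constructed sample log lines (not from the report): one beacon copied from
# the extracted config, one bare contact with a C2 host, and benign traffic
# that must not fire.
SAMPLE_LOG = [
    "2024-06-08T10:21:03Z 10.0.0.5 GET http://aavqusd.ru/search/?q=67e28dd83e5cfa2f440afa1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a471ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff819c7ed939f3b",
    "2024-06-08T10:21:09Z 10.0.0.5 GET http://buoihid.com/",
    "2024-06-08T10:22:41Z 10.0.0.7 GET https://www.google.com/search?q=socks5systemz",
    "2024-06-08T10:23:02Z 10.0.0.7 GET https://example.com/search/?q=deadbeef",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print("BEACON:", hit)
```

The host check and the shape check are deliberately separate: the domains in the config rotate, while the `/search/?q=<hex>` beacon shape is what survives a domain change, so a log scan on the shape alone still catches a new C2 host. `matches_report` compares all four digests rather than just SHA256 so that a mistyped hash in a blocklist fails loudly instead of silently matching on the one value that was copied correctly.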

Targets

    • Target

      fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861

    • Size

      4.7MB

    • MD5

      f9cfd8f9afb7ee87e7ad049b7a92423f

    • SHA1

      cf336b758b82d17f8be83a5d93c7d5aebd0e4638

    • SHA256

      fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861

    • SHA512

      388ca19270ca8addf4e93d4ab9c3225cdefba6afaf0061d11030f09c57fc0372e5b1bb86f9d5cb902354a4d13d8afffec3e073ac6027fdc4ea6d15e2d8f9fcac

    • SSDEEP

      98304:mMX40drbC2Z+oMvtyIGM1ONsQNaMZE8Q0jEy0mKPrM/cqPFyvH66:5/Fn0FJzONfeNy9Y80x

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a proxy botnet written in C++; infected hosts are enrolled as SOCKS5 proxies for its operators.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

