socks5systemz | a6af8739ed0501065fb73c3ffee24be4e20be7c4f048191efe1c83619a73f99c | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

a6af8739ed0501065fb73c3ffee24be4e20be7c4f048191efe1c83619a73f99c
Size

4.8MB
Sample

240614-rh24psxflq
MD5

ca7d1c13e28753bdc617da3b0b433ed9
SHA1

4c0a3218e2ec23689bc7a144b99326bb7bca63d6
SHA256

a6af8739ed0501065fb73c3ffee24be4e20be7c4f048191efe1c83619a73f99c
SHA512

c06bdc5ff0a79108b79a536e8c8a0539c50684230eb079bfcb45adb795173fe478d907fae55b501912bef0cbe3663987ba8208181e99961e28a2f6f17ed8fc77
SSDEEP

98304:mYtUeQXqyNUVoiLn87G/zrSL19yCDg+JwRXt3kdESEV:X7y6VoiL86/o19yCrwR5kmSEV

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a6af8739ed0501065fb73c3ffee24be4e20be7c4f048191efe1c83619a73f99c.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

a6af8739ed0501065fb73c3ffee24be4e20be7c4f048191efe1c83619a73f99c.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

C2

cceasix.net

aahznzk.ru

Targets

- Target
  
  a6af8739ed0501065fb73c3ffee24be4e20be7c4f048191efe1c83619a73f99c
- Size
  
  4.8MB
- MD5
  
  ca7d1c13e28753bdc617da3b0b433ed9
- SHA1
  
  4c0a3218e2ec23689bc7a144b99326bb7bca63d6
- SHA256
  
  a6af8739ed0501065fb73c3ffee24be4e20be7c4f048191efe1c83619a73f99c
- SHA512
  
  c06bdc5ff0a79108b79a536e8c8a0539c50684230eb079bfcb45adb795173fe478d907fae55b501912bef0cbe3663987ba8208181e99961e28a2f6f17ed8fc77
- SSDEEP
  
  98304:mYtUeQXqyNUVoiLn87G/zrSL19yCDg+JwRXt3kdESEV:X7y6VoiL86/o19yCrwR5kmSEV
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy