socks5systemz | 7d19a64a4f75ddd2fc4928824b30c93da7a8bf541197f2fcdb1bd6d5578aea4d | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

7d19a64a4f75ddd2fc4928824b30c93da7a8bf541197f2fcdb1bd6d5578aea4d
Size

5.0MB
Sample

240615-bx3e1svalc
MD5

e24847f922280da04837c2865a5e55ed
SHA1

fe6c0d634ecf3a8df9f9a76611891dcb038b7bb0
SHA256

7d19a64a4f75ddd2fc4928824b30c93da7a8bf541197f2fcdb1bd6d5578aea4d
SHA512

2c4b90a00b6a4aa3e82732d79e63ed2215295c0368a03d2140fdc33b911be1fc0cdb55e87021898b0a56cb71a778963830eb5ec866d837dde6b5189081b3c57f
SSDEEP

98304:mC5dTzAO3oYq8kbeJ0U9DSnGEOzaIiUvvYb6jpi/vXDtVr6/C:f5dTzAO3K7e2U9SnGdeIiwg4QTnG/C

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7d19a64a4f75ddd2fc4928824b30c93da7a8bf541197f2fcdb1bd6d5578aea4d.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

7d19a64a4f75ddd2fc4928824b30c93da7a8bf541197f2fcdb1bd6d5578aea4d.exe

Resource

win11-20240419-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

C2

ckdnnei.net

bohdhaa.com

Targets

- Target
  
  7d19a64a4f75ddd2fc4928824b30c93da7a8bf541197f2fcdb1bd6d5578aea4d
- Size
  
  5.0MB
- MD5
  
  e24847f922280da04837c2865a5e55ed
- SHA1
  
  fe6c0d634ecf3a8df9f9a76611891dcb038b7bb0
- SHA256
  
  7d19a64a4f75ddd2fc4928824b30c93da7a8bf541197f2fcdb1bd6d5578aea4d
- SHA512
  
  2c4b90a00b6a4aa3e82732d79e63ed2215295c0368a03d2140fdc33b911be1fc0cdb55e87021898b0a56cb71a778963830eb5ec866d837dde6b5189081b3c57f
- SSDEEP
  
  98304:mC5dTzAO3oYq8kbeJ0U9DSnGEOzaIiUvvYb6jpi/vXDtVr6/C:f5dTzAO3K7e2U9SnGdeIiwg4QTnG/C
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy