General

  • Target

    922d64dac627972919d65f4fcd62d61302e33d54aac7f2187b0bca74e4351768

  • Size

    5.8MB

  • Sample

    240615-r5m83athme

  • MD5

    bc99d6695c5aeeb6943e3de3a6a43fef

  • SHA1

    d2a65f6d0ef744daa5101d82be2385e2f22d4f6b

  • SHA256

    922d64dac627972919d65f4fcd62d61302e33d54aac7f2187b0bca74e4351768

  • SHA512

    32672bca4781bee848dca15eb9dedf49849ec18761d20ed532ad906531aad7c9fbec8a222a6eb42186648a538d33807eb77e0dbbea8876b7a20ea75e33958f51

  • SSDEEP

    98304:mWAwd08drb+XMfqbphA2KezqHpLooEYebQ8qeSm8yKSI/su7bcRN21:d/gphpKezw1EYebIeSmDKSI/VPcRs1

Malware Config

Extracted

Family

socks5systemz

C2

cczrvxt.net

http://cczrvxt.net/search/?q=67e28dd83f08f52f150eab187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ae8889b5e4fa9281ae978f471ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff715c6ed9d9d3f

aaobuny.ru

http://aaobuny.ru/search/?q=67e28dd83f0fa67d125ca51e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1de8889b5e4fa9281ae978f371ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff715c6ed9d9d39

http://aaobuny.ru/search/?q=67e28dd83f0fa67d125ca51e7c27d78406abdd88be4b12eab517aa5c96bd86e59d8e4896148ab2865b77f80ebad9950f7cb63037ed2ab423a4364383ba915d911ec07bb606a0708727e40ea678c751bbe34efb0e2807e12571c17f3e83fe16c1e7919c39c56894
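The extracted config gives two C2 hosts and a consistent beacon shape: `GET /search/?q=<long lowercase hex string>`. As an added example (not part of the sandbox report or the malware's own code), the Python below derives the host set from those URLs and matches constructed proxy-log lines against it, reporting a full beacon match separately from any other request to a C2 host. The log line layout, the 32-hex-digit threshold and the two-level verdict are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# C2 URLs copied verbatim from the extracted Socks5Systemz config above.
C2_URLS = [
    "http://cczrvxt.net/search/?q=67e28dd83f08f52f150eab187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ae8889b5e4fa9281ae978f471ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff715c6ed9d9d3f",
    "http://aaobuny.ru/search/?q=67e28dd83f0fa67d125ca51e7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1de8889b5e4fa9281ae978f371ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff715c6ed9d9d39",
    "http://aaobuny.ru/search/?q=67e28dd83f0fa67d125ca51e7c27d78406abdd88be4b12eab517aa5c96bd86e59d8e4896148ab2865b77f80ebad9950f7cb63037ed2ab423a4364383ba915d911ec07bb606a0708727e40ea678c751bbe34efb0e2807e12571c17f3e83fe16c1e7919c39c56894",
]

# Every q= value in the config is a long lowercase hex blob. The 32-digit
# minimum is an assumption chosen to separate these beacons from ordinary
# short queries that happen to use a /search/ path.
HEX_BLOB = re.compile(r"^[0-9a-f]{32,}$")
BEACON_PATH = "/search/"


def c2_hosts(urls):
    """Return the set of hostnames referenced by the extracted C2 URLs."""
    return {urlsplit(u).hostname for u in urls}


def classify(url, hosts):
    """Classify one URL against the configured C2 host set.

    'beacon'  : request to a C2 host with the /search/?q=<hex> shape
    'c2-host' : any other request to a C2 host
    None      : host is not a configured C2; the path shape alone is too
                generic to act on, so it is deliberately not matched
    """
    parts = urlsplit(url)
    if parts.hostname not in hosts:
        return None
    q = parse_qs(parts.query).get("q", [""])[0]
    if parts.path == BEACON_PATH and HEX_BLOB.match(q):
        return "beacon"
    return "c2-host"


def scan_proxy_log(lines, hosts):
    """Scan proxy log lines laid out as
    '<timestamp> <client-ip> <method> <url> <status>' (a constructed format
    for this example) and return (timestamp, client_ip, verdict, url) hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed line: skip it rather than abort the hunt
        ts, client, _method, url, _status = fields
        verdict = classify(url, hosts)
        if verdict:
            hits.append((ts, client, verdict, url))
    return hits


# Constructed sample log (not traffic from the sandbox run): a beacon to a
# C2 host, an incidental request to a C2 host, and two benign requests.
SAMPLE_LOG = [
    "2024-06-15T10:01:02Z 10.0.0.5 GET http://www.example.com/index.html 200",
    "2024-06-15T10:01:09Z 10.0.0.5 GET " + C2_URLS[1] + " 200",
    "2024-06-15T10:02:00Z 10.0.0.7 GET http://cczrvxt.net/favicon.ico 404",
    "2024-06-15T10:02:30Z 10.0.0.8 GET http://search.example.org/search/?q=deadbeef 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG, c2_hosts(C2_URLS)):
        print(*hit)
```

Matching on the host set rather than the full URL is deliberate: the hex blob differs between the extracted URLs, so an exact-URL indicator would miss beacons from other infections, while a bare `/search/?q=` pattern would flood the hunt with legitimate search traffic.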

Targets

    • Target

      922d64dac627972919d65f4fcd62d61302e33d54aac7f2187b0bca74e4351768

    • Size

      5.8MB

    • MD5

      bc99d6695c5aeeb6943e3de3a6a43fef

    • SHA1

      d2a65f6d0ef744daa5101d82be2385e2f22d4f6b

    • SHA256

      922d64dac627972919d65f4fcd62d61302e33d54aac7f2187b0bca74e4351768

    • SHA512

      32672bca4781bee848dca15eb9dedf49849ec18761d20ed532ad906531aad7c9fbec8a222a6eb42186648a538d33807eb77e0dbbea8876b7a20ea75e33958f51

    • SSDEEP

      98304:mWAwd08drb+XMfqbphA2KezqHpLooEYebQ8qeSm8yKSI/su7bcRN21:d/gphpKezw1EYebIeSmDKSI/VPcRs1

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

Traffic on the DNS port (53) to servers other than the configured DNS servers was detected, i.e. the sample resolved names through resolvers the host was not configured to use.

    • Checks installed software on the system

Looks up Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
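The "Unexpected DNS network traffic destination" signature reduces to one check: DNS-port traffic whose destination is not a configured resolver. As an added example (not part of the report), the Python below applies that check to constructed flow records and groups the findings per source host; the record layout, the resolver list and the sample flows are assumptions made for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

DNS_PORT = 53


def unexpected_dns_destinations(flows, configured_resolvers):
    """Return {src_ip: Counter({dst_ip: flow_count})} for every flow that
    uses the DNS port but is sent to a server that is not a configured
    resolver.

    flows: iterable of (timestamp, src_ip, dst_ip, proto, dst_port) tuples,
           a constructed record layout for this example
    configured_resolvers: IP addresses the host is supposed to use for DNS
           (include any local stub resolver, e.g. 127.0.0.53, or it will be
           reported as unexpected)
    """
    resolvers = {ipaddress.ip_address(r) for r in configured_resolvers}
    findings = defaultdict(Counter)
    for _ts, src, dst, proto, dport in flows:
        # Only classic DNS on port 53 is in scope; DoH (443) and DoT (853)
        # need their own detection and are intentionally ignored here.
        if dport != DNS_PORT or proto not in ("udp", "tcp"):
            continue
        if ipaddress.ip_address(dst) in resolvers:
            continue
        findings[src][dst] += 1
    return dict(findings)


# Constructed sample flows (not captured from the sandbox run).
CONFIGURED_RESOLVERS = ["10.0.0.2"]
SAMPLE_FLOWS = [
    ("2024-06-15T10:00:01Z", "10.0.0.5", "10.0.0.2", "udp", 53),        # configured resolver
    ("2024-06-15T10:00:02Z", "10.0.0.5", "8.8.8.8", "udp", 53),         # unexpected
    ("2024-06-15T10:00:03Z", "10.0.0.5", "8.8.8.8", "udp", 53),         # unexpected
    ("2024-06-15T10:00:04Z", "10.0.0.5", "1.1.1.1", "tcp", 53),         # unexpected, over TCP
    ("2024-06-15T10:00:05Z", "10.0.0.5", "93.184.216.34", "tcp", 443),  # not DNS
    ("2024-06-15T10:00:06Z", "10.0.0.9", "10.0.0.2", "udp", 53),        # configured resolver
]

if __name__ == "__main__":
    for src, dsts in unexpected_dns_destinations(SAMPLE_FLOWS, CONFIGURED_RESOLVERS).items():
        for dst, n in dsts.most_common():
            print(f"{src} -> {dst}:{DNS_PORT} ({n} flows)")
```

The per-source grouping matters in triage: a single host talking to several public resolvers on port 53 is the pattern this signature describes, whereas one stray lookup from many hosts more often points at a misconfigured resolver list than at malware.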

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

  • Query Registry (T1012): 1 signature

  • System Information Discovery (T1082): 1 signature
