socks5systemz | 2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
Size

5.6MB
Sample

240615-wpm1kstdkn
MD5

e999d3cb5228dc29a1088b5f79c5b840
SHA1

6b779435532b0bddb70a76c246d31a8b38cec331
SHA256

2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
SHA512

23b8493ac774e7962fd9bdd415ecea39788f0b4d8c6c63bfd512f587b517925dff4383b7b4d00154d686ade9a2107416677f3581f94062e684fd5e8fe2c010e6
SSDEEP

98304:m4gZwiCwr9c3kNEIm40aiiOD6r+vrrLCE5BDYjyC2pLz4erKw0Rk+oRMDVBH:xuJJNEIFicKvr7FLL0Ty+BBH

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

C2

bvvxylp.com

aavxtnn.ru

Targets

- Target
  
  2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
- Size
  
  5.6MB
- MD5
  
  e999d3cb5228dc29a1088b5f79c5b840
- SHA1
  
  6b779435532b0bddb70a76c246d31a8b38cec331
- SHA256
  
  2873e26880b949b96f5b03d563788fb97190db41ebbb916ce0c0f591723eebc7
- SHA512
  
  23b8493ac774e7962fd9bdd415ecea39788f0b4d8c6c63bfd512f587b517925dff4383b7b4d00154d686ade9a2107416677f3581f94062e684fd5e8fe2c010e6
- SSDEEP
  
  98304:m4gZwiCwr9c3kNEIm40aiiOD6r+vrrLCE5BDYjyC2pLz4erKw0Rk+oRMDVBH:xuJJNEIFicKvr7FLL0Ty+BBH
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy