socks5systemz | fb6afe9736f88c71b7e9ff95884ff9f67a4a7dbac8e81f9431cd610511e19622 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

fb6afe9736f88c71b7e9ff95884ff9f67a4a7dbac8e81f9431cd610511e19622
Size

4.8MB
Sample

240620-zlkb3a1ckk
MD5

8dc717ec04865a086480b1be0fde0d72
SHA1

379f1fa44b8b4301f3254501850c6dfd86f96147
SHA256

fb6afe9736f88c71b7e9ff95884ff9f67a4a7dbac8e81f9431cd610511e19622
SHA512

f2f18fc4e8433221dbf3d0e22e237b787bfad2b458625213bbacb0d8eb78477bc0f04e0a697b92a56d605b0139bb1802cdaf2d804de1ad701b582eacb67e86ef
SSDEEP

98304:mdYhyAOCSNcxiizt2RreYW2aVCCQQCJjZ1h23ll:cYXFk892vaQKuZPwll

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fb6afe9736f88c71b7e9ff95884ff9f67a4a7dbac8e81f9431cd610511e19622.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

fb6afe9736f88c71b7e9ff95884ff9f67a4a7dbac8e81f9431cd610511e19622.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

C2

bhdktdo.com

bocczmo.com

Targets

- Target
  
  fb6afe9736f88c71b7e9ff95884ff9f67a4a7dbac8e81f9431cd610511e19622
- Size
  
  4.8MB
- MD5
  
  8dc717ec04865a086480b1be0fde0d72
- SHA1
  
  379f1fa44b8b4301f3254501850c6dfd86f96147
- SHA256
  
  fb6afe9736f88c71b7e9ff95884ff9f67a4a7dbac8e81f9431cd610511e19622
- SHA512
  
  f2f18fc4e8433221dbf3d0e22e237b787bfad2b458625213bbacb0d8eb78477bc0f04e0a697b92a56d605b0139bb1802cdaf2d804de1ad701b582eacb67e86ef
- SSDEEP
  
  98304:mdYhyAOCSNcxiizt2RreYW2aVCCQQCJjZ1h23ll:cYXFk892vaQKuZPwll
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy