socks5systemz | f2f33a01d49f3b00ceeb2be892c4ff29c4e258586d5edd30fce8e029dd977ff7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

f2f33a01d49f3b00ceeb2be892c4ff29c4e258586d5edd30fce8e029dd977ff7
Size

5.0MB
Sample

240704-2q9tmateqr
MD5

cd3d41ff24acdaf33336c62e8f54b7ba
SHA1

abb1d9a5762821f4aad31146ace4d4845ed93b8d
SHA256

f2f33a01d49f3b00ceeb2be892c4ff29c4e258586d5edd30fce8e029dd977ff7
SHA512

f67856dafa8d27a5e4c264dab981dec4747727f65b140f1c0485718c390292a63fdcc86fc980d7c68716c33f7024dcf759dfd126c0d3b1c740728d241cee3d90
SSDEEP

98304:CwHt6o57vaXSqXWpnvQ6lpkQEEmsVqoIMOLDMBwSOnIDRvEd+fQx7:eo57vySJvbpkKV4o3MMp+ID5+MQt

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f2f33a01d49f3b00ceeb2be892c4ff29c4e258586d5edd30fce8e029dd977ff7.exe

Resource

win7-20240508-en

socks5systemz botnet discovery

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

f2f33a01d49f3b00ceeb2be892c4ff29c4e258586d5edd30fce8e029dd977ff7.exe

Resource

win10-20240404-en

socks5systemz botnet discovery

windows10-1703-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  f2f33a01d49f3b00ceeb2be892c4ff29c4e258586d5edd30fce8e029dd977ff7
- Size
  
  5.0MB
- MD5
  
  cd3d41ff24acdaf33336c62e8f54b7ba
- SHA1
  
  abb1d9a5762821f4aad31146ace4d4845ed93b8d
- SHA256
  
  f2f33a01d49f3b00ceeb2be892c4ff29c4e258586d5edd30fce8e029dd977ff7
- SHA512
  
  f67856dafa8d27a5e4c264dab981dec4747727f65b140f1c0485718c390292a63fdcc86fc980d7c68716c33f7024dcf759dfd126c0d3b1c740728d241cee3d90
- SSDEEP
  
  98304:CwHt6o57vaXSqXWpnvQ6lpkQEEmsVqoIMOLDMBwSOnIDRvEd+fQx7:eo57vySJvbpkKV4o3MMp+ID5+MQt
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2025

Terms | Privacy