socks5systemz | 830b07c65965309d93c2275e670e790c4f11e4ac29c2e60f4f9c94ffb2213ac1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

830b07c65965309d93c2275e670e790c4f11e4ac29c2e60f4f9c94ffb2213ac1
Size

4.9MB
Sample

240707-zmvt7azgnc
MD5

0535ff5693c005e3477f56e2e40af06a
SHA1

8d8c7a5de465b4fa7bc0f585f03dfb2f1a2c1e92
SHA256

830b07c65965309d93c2275e670e790c4f11e4ac29c2e60f4f9c94ffb2213ac1
SHA512

778e401a4499d0a2852bc20b039ae3295ddfece3d49bea452489c495fbf38b877a0d95137aa60a982b76248f1d6927d23d96117854c901bc4e053d6b22185deb
SSDEEP

98304:CbEGKiABmNB3qozE5XBpKl8WRWaDHmO8eNBVvDCOMF2d1qM0jRzOqb/uoRFQxP:48Pmj3qozoRpKl8sWaDGOrZ+OiRjRzDy

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

830b07c65965309d93c2275e670e790c4f11e4ac29c2e60f4f9c94ffb2213ac1.exe

Resource

win10v2004-20240704-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

830b07c65965309d93c2275e670e790c4f11e4ac29c2e60f4f9c94ffb2213ac1.exe

Resource

win11-20240704-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  830b07c65965309d93c2275e670e790c4f11e4ac29c2e60f4f9c94ffb2213ac1
- Size
  
  4.9MB
- MD5
  
  0535ff5693c005e3477f56e2e40af06a
- SHA1
  
  8d8c7a5de465b4fa7bc0f585f03dfb2f1a2c1e92
- SHA256
  
  830b07c65965309d93c2275e670e790c4f11e4ac29c2e60f4f9c94ffb2213ac1
- SHA512
  
  778e401a4499d0a2852bc20b039ae3295ddfece3d49bea452489c495fbf38b877a0d95137aa60a982b76248f1d6927d23d96117854c901bc4e053d6b22185deb
- SSDEEP
  
  98304:CbEGKiABmNB3qozE5XBpKl8WRWaDHmO8eNBVvDCOMF2d1qM0jRzOqb/uoRFQxP:48Pmj3qozoRpKl8sWaDGOrZ+OiRjRzDy
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2025

Terms | Privacy