socks5systemz | 8f5985b7574b66aea72acda2413599036634d1dd0586ff4135f03c0fe7d9bdec | Triage

Submit
Reports

Overview

overview

Static

static

3

8f5985b757...ec.exe

windows7-x64

8f5985b757...ec.exe

windows10-2004-x64

Sharing

General

Target

8f5985b7574b66aea72acda2413599036634d1dd0586ff4135f03c0fe7d9bdec.exe
Size

2.0MB
Sample

240726-e3ta3swflk
MD5

26855f2047c547911e2c2532532f1eb6
SHA1

a40be95522b948e35123ca4cd72b9d14c7f3cc40
SHA256

8f5985b7574b66aea72acda2413599036634d1dd0586ff4135f03c0fe7d9bdec
SHA512

85a773391a57310c655015109c289ec044df03676414f98dc65b1883fe3aea26937f81ed46124d58d0dc8f737c263ef007fedc9e51568f9d33864a3ad7a37e1b
SSDEEP

49152:32115Bqx2wgevTb1FR0FdsEoZlDgrZcwiIx3WYdfSR:m11qxPRwGl0rZc4SR

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

8f5985b7574b66aea72acda2413599036634d1dd0586ff4135f03c0fe7d9bdec.exe

Resource

win7-20240704-en

socks5systemz botnet discovery

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

8f5985b7574b66aea72acda2413599036634d1dd0586ff4135f03c0fe7d9bdec.exe

Resource

win10v2004-20240704-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

C2

ayktlcb.ru

bokkami.com

Targets

- Target
  
  8f5985b7574b66aea72acda2413599036634d1dd0586ff4135f03c0fe7d9bdec.exe
- Size
  
  2.0MB
- MD5
  
  26855f2047c547911e2c2532532f1eb6
- SHA1
  
  a40be95522b948e35123ca4cd72b9d14c7f3cc40
- SHA256
  
  8f5985b7574b66aea72acda2413599036634d1dd0586ff4135f03c0fe7d9bdec
- SHA512
  
  85a773391a57310c655015109c289ec044df03676414f98dc65b1883fe3aea26937f81ed46124d58d0dc8f737c263ef007fedc9e51568f9d33864a3ad7a37e1b
- SSDEEP
  
  49152:32115Bqx2wgevTb1FR0FdsEoZlDgrZcwiIx3WYdfSR:m11qxPRwGl0rZc4SR
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy