socks5systemz | 93505285aa0e2f665449125e06daefa972bb6708b4e92aca057282a8561f81e3 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

93505285aa0e2f665449125e06daefa972bb6708b4e92aca057282a8561f81e3
Size

3.9MB
Sample

240726-mwne9atajp
MD5

652e12b1379f53f27faf1cb605a1ea4c
SHA1

cfe52b3a9160f7ec0bda6d71073c3d1749c62e15
SHA256

93505285aa0e2f665449125e06daefa972bb6708b4e92aca057282a8561f81e3
SHA512

9a91cb38889644f3f3c2de14520bd08261a24511a2cf9eea47e743115923d7b9d88f61fa0f1cfa09ae15e78c0439d8b8d04f7437fe2df8d2a8881eadc484eaac
SSDEEP

98304:CH1EqbbD54P9Jk+QBYtJuZVixZ8+GFHASxcer26Ve:YPbb14PIbcJuZe8+i2Ue

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

93505285aa0e2f665449125e06daefa972bb6708b4e92aca057282a8561f81e3.exe

Resource

win10v2004-20240709-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

93505285aa0e2f665449125e06daefa972bb6708b4e92aca057282a8561f81e3.exe

Resource

win11-20240709-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  93505285aa0e2f665449125e06daefa972bb6708b4e92aca057282a8561f81e3
- Size
  
  3.9MB
- MD5
  
  652e12b1379f53f27faf1cb605a1ea4c
- SHA1
  
  cfe52b3a9160f7ec0bda6d71073c3d1749c62e15
- SHA256
  
  93505285aa0e2f665449125e06daefa972bb6708b4e92aca057282a8561f81e3
- SHA512
  
  9a91cb38889644f3f3c2de14520bd08261a24511a2cf9eea47e743115923d7b9d88f61fa0f1cfa09ae15e78c0439d8b8d04f7437fe2df8d2a8881eadc484eaac
- SSDEEP
  
  98304:CH1EqbbD54P9Jk+QBYtJuZVixZ8+GFHASxcer26Ve:YPbb14PIbcJuZe8+i2Ue
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy