socks5systemz | f75e1f680962a8a9e7c170684e2a65c32ff733196ac4b6e5a6749031c496333e | Triage

Submit
Reports

Overview

overview

Static

static

3

e79b1536ac...cf.exe

windows7-x64

e79b1536ac...cf.exe

windows10-2004-x64

Sharing

General

Target

596116c65df4aa37c8018dc9acc4eb56.bin
Size

3.4MB
Sample

240802-cjhn5athkc
MD5

6d629b728df1c67adfb76cec3adbfaa1
SHA1

2469d6fc70927586810def38bbb7530d031e7afa
SHA256

f75e1f680962a8a9e7c170684e2a65c32ff733196ac4b6e5a6749031c496333e
SHA512

c1b06695842edae35539f7115a24c9a2600efc05850567da1d584139ffc276ae11fe6595aaac1dbfb9bb0648fce08394957728a732f87c71781b94ae5b157b94
SSDEEP

98304:Gk5VRAT51Z+zJpxASbPZZ++AzzpuK6TxQebDKbNQL9xb:GkPRAruJUSbX2zzOQNQn

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e79b1536ac9710a2fffc8bf4d3337e344aee2897d116dd48b9a4c4e174d49acf.exe

Resource

win7-20240705-en

socks5systemz botnet discovery

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

e79b1536ac9710a2fffc8bf4d3337e344aee2897d116dd48b9a4c4e174d49acf.exe

Resource

win10v2004-20240730-en

socks5systemz botnet discovery

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

socks5systemz

Attributes

rc4_key
i4hiea56#7b&dfw3

Targets

- Target
  
  e79b1536ac9710a2fffc8bf4d3337e344aee2897d116dd48b9a4c4e174d49acf.exe
- Size
  
  3.4MB
- MD5
  
  596116c65df4aa37c8018dc9acc4eb56
- SHA1
  
  1e323c23b20007998b7c104a27cfd1b5c0f878f2
- SHA256
  
  e79b1536ac9710a2fffc8bf4d3337e344aee2897d116dd48b9a4c4e174d49acf
- SHA512
  
  4353b1a98e7abae2e6006a82bb34f61fcfa6a4cb95c2130ed7da00fdc979e37f83c47154655aad4aafadba12fb58b12f0b6dd3313e67843d27ae7add0b4e766e
- SSDEEP
  
  98304:sjBf676DpowCfpV48epyfqhhYW/8ZEflpvEvCYjxlE:KfA6FowCfrMpyMR8ZEflaqYjxu
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2025

Terms | Privacy