socks5systemz | f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

f1286c9d4a...f0.exe

windows7-x64

f1286c9d4a...f0.exe

windows10-2004-x64

Sharing

General

Target

f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0
Size

3.4MB
Sample

240908-keeqnsyapc
MD5

baedd7908c04418acc31854226393484
SHA1

6991cb75f6ec57013df271b0e212b2c7be7fd4ae
SHA256

f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0
SHA512

11cd3acb55d412e1400172f619dc87272e9c5c3fd9102312edf9bf1d53e67150f520cde8a6f1f58b42091b82e2b226d98e8ac3415bdbe37a1ec8a49d94a66e94
SSDEEP

49152:T9tklXMj3d0oXG76VGiqRO2IuQ8VXFysr+sd+fJvL+F+saDUN5i7p9/ybYitG8N+:JmY6M264TvIXEVyBscfxJsaDpLKUA2

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0.exe

Resource

win7-20240903-en

socks5systemz botnet discovery

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0.exe

Resource

win10v2004-20240802-en

socks5systemz botnet discovery

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0
- Size
  
  3.4MB
- MD5
  
  baedd7908c04418acc31854226393484
- SHA1
  
  6991cb75f6ec57013df271b0e212b2c7be7fd4ae
- SHA256
  
  f1286c9d4a1fc6413e5d1a9d3d0043be8c022f5b695be92af2d10dccb4375df0
- SHA512
  
  11cd3acb55d412e1400172f619dc87272e9c5c3fd9102312edf9bf1d53e67150f520cde8a6f1f58b42091b82e2b226d98e8ac3415bdbe37a1ec8a49d94a66e94
- SSDEEP
  
  49152:T9tklXMj3d0oXG76VGiqRO2IuQ8VXFysr+sd+fJvL+F+saDUN5i7p9/ybYitG8N+:JmY6M264TvIXEVyBscfxJsaDpLKUA2
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2025

Terms | Privacy