socks5systemz | 08ea6cc38bef956b8db26cdcafad4a72d8fb956ed352ac706f225efc22f60b49 | Triage

Submit
Reports

Overview

overview

Static

static

3

08ea6cc38b...49.exe

windows7-x64

08ea6cc38b...49.exe

windows10-2004-x64

Sharing

General

Target

08ea6cc38bef956b8db26cdcafad4a72d8fb956ed352ac706f225efc22f60b49
Size

5.8MB
Sample

241114-nededsxpew
MD5

bbef55f0306c1126f3caa7c1390ade27
SHA1

18131ea80717d05df96c8baddf2b7462591e9b9c
SHA256

08ea6cc38bef956b8db26cdcafad4a72d8fb956ed352ac706f225efc22f60b49
SHA512

1d4dd826bbcd4c1154b59e79de34e80f8bba538763aeaa5d26a4cd6dc0618ee07345ba39008fb6acb08876c6fce3bef678c8254380713404100517234a5d4941
SSDEEP

98304:PX4MX7RjenHhxAb2YN6r9MNA95lr6/WBEE2TowvQg/x0DUaQs6Juyazx1x:vOBxAbp6r9MN0ra8qxKQs6JuyaF

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

08ea6cc38bef956b8db26cdcafad4a72d8fb956ed352ac706f225efc22f60b49.exe

Resource

win7-20240903-en

socks5systemz botnet discovery

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

08ea6cc38bef956b8db26cdcafad4a72d8fb956ed352ac706f225efc22f60b49.exe

Resource

win10v2004-20241007-en

socks5systemz botnet discovery

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  08ea6cc38bef956b8db26cdcafad4a72d8fb956ed352ac706f225efc22f60b49
- Size
  
  5.8MB
- MD5
  
  bbef55f0306c1126f3caa7c1390ade27
- SHA1
  
  18131ea80717d05df96c8baddf2b7462591e9b9c
- SHA256
  
  08ea6cc38bef956b8db26cdcafad4a72d8fb956ed352ac706f225efc22f60b49
- SHA512
  
  1d4dd826bbcd4c1154b59e79de34e80f8bba538763aeaa5d26a4cd6dc0618ee07345ba39008fb6acb08876c6fce3bef678c8254380713404100517234a5d4941
- SSDEEP
  
  98304:PX4MX7RjenHhxAb2YN6r9MNA95lr6/WBEE2TowvQg/x0DUaQs6Juyazx1x:vOBxAbp6r9MN0ra8qxKQs6JuyaF
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Socks5systemz family
  socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy