socks5systemz | 3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287
Size

5.0MB
Sample

240628-k8b7msvbkn
MD5

3fc1f529394200426c03956364c7cef4
SHA1

526fabe86cdc747e026a471bfb6d8274db8b4a24
SHA256

3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287
SHA512

fc2f8f9a3d65849aa7e873c13c3283a4c1f5c8e0ef731082197aca91b048938944bdc0d7eab1ec89e50560628a19a1a85a1c4c8d8685b34368ca42232b152190
SSDEEP

98304:C5JQwz5a8SsUIrpwlNG2WhQR1yQlQWcA4h+2ah94Kwtw8chT32+ldF/rZQxP1:sz/SrG2CQRTlBL72y9YHqTG+ldHQ91

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287
- Size
  
  5.0MB
- MD5
  
  3fc1f529394200426c03956364c7cef4
- SHA1
  
  526fabe86cdc747e026a471bfb6d8274db8b4a24
- SHA256
  
  3a9888a86b74398775697706a6ea0b022f6e15e8dc5c1a6a2ddcf9278c959287
- SHA512
  
  fc2f8f9a3d65849aa7e873c13c3283a4c1f5c8e0ef731082197aca91b048938944bdc0d7eab1ec89e50560628a19a1a85a1c4c8d8685b34368ca42232b152190
- SSDEEP
  
  98304:C5JQwz5a8SsUIrpwlNG2WhQR1yQlQWcA4h+2ah94Kwtw8chT32+ldF/rZQxP1:sz/SrG2CQRTlBL72y9YHqTG+ldHQ91
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy