General

  • Target: 66e6a059240202a32ddb5734306d995edd01ff702f58ac31bcc48b5e90cf33bf
  • Size: 5.0MB
  • Sample: 240629-vp6l9avdlj
  • MD5: 0777385fc833ad8fcee301643fd651db
  • SHA1: 1c51ee26d564c87429e1026731d8b7e76782c2d5
  • SHA256: 66e6a059240202a32ddb5734306d995edd01ff702f58ac31bcc48b5e90cf33bf
  • SHA512: 33bc48eac40e0a2e67698de6ceb7ba79090d9658311e046c8f3369c7e27d4a4eea052da195c08e5a46727d4fc063590e0783a1d8ff0c87c646bd4079244cd52a
  • SSDEEP: 98304:C9egE8exvHexahnUexFUzhfrUDpX8ekYABndym+s2y9msdOqLk2aQFFHQx9W:fgE8g+xAnZshfoJ8ek1dym+s2y9VOqRX

Malware Config

Targets

    • Target: 66e6a059240202a32ddb5734306d995edd01ff702f58ac31bcc48b5e90cf33bf (same sample as listed under General; size and hashes identical)

    • Detect Socks5Systemz Payload
    • Socks5Systemz: Socks5Systemz is a botnet written in C++.
    • Executes dropped EXE
    • Loads dropped DLL
    • Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v13)

Discovery

    • Query Registry, T1012 (1 signature)
    • System Information Discovery, T1082 (1 signature)
