socks5systemz | d4dab2b9130b7fe4919f129ec59955de481b54646666f00f46bbc8de3efc498c | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

d4dab2b9130b7fe4919f129ec59955de481b54646666f00f46bbc8de3efc498c
Size

5.4MB
Sample

240701-a8vc4s1cqe
MD5

ef261bb420135a1db8802b4ba77602ba
SHA1

b3e01bde2f4622cc4daf8cf257830a01d8d85487
SHA256

d4dab2b9130b7fe4919f129ec59955de481b54646666f00f46bbc8de3efc498c
SHA512

3e3802e69e957efea5b317c4387bcc1a704e34949ab993d8e349cbc40bd3fa7cd68c2431b5fb7b8f5f1b47d9cea798e22419be46cfc2ef256da99ad8635ca548
SSDEEP

98304:COCNdg0Ylj+GKZQocSXBAwBuCmTTaon3Y9MReoAne1LLp3cZqLD7yTUGEBeNewDM:e8NlCGpSXGwNrS3Y8h0+FcZgD4MkeCQt

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d4dab2b9130b7fe4919f129ec59955de481b54646666f00f46bbc8de3efc498c.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d4dab2b9130b7fe4919f129ec59955de481b54646666f00f46bbc8de3efc498c.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d4dab2b9130b7fe4919f129ec59955de481b54646666f00f46bbc8de3efc498c
- Size
  
  5.4MB
- MD5
  
  ef261bb420135a1db8802b4ba77602ba
- SHA1
  
  b3e01bde2f4622cc4daf8cf257830a01d8d85487
- SHA256
  
  d4dab2b9130b7fe4919f129ec59955de481b54646666f00f46bbc8de3efc498c
- SHA512
  
  3e3802e69e957efea5b317c4387bcc1a704e34949ab993d8e349cbc40bd3fa7cd68c2431b5fb7b8f5f1b47d9cea798e22419be46cfc2ef256da99ad8635ca548
- SSDEEP
  
  98304:COCNdg0Ylj+GKZQocSXBAwBuCmTTaon3Y9MReoAne1LLp3cZqLD7yTUGEBeNewDM:e8NlCGpSXGwNrS3Y8h0+FcZgD4MkeCQt
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy