socks5systemz | 01d342c50ab6cbfbf775fa1112c16884dd6c94eed4aee27e938b3991e8d3eaf4 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

01d342c50ab6cbfbf775fa1112c16884dd6c94eed4aee27e938b3991e8d3eaf4
Size

5.0MB
Sample

240701-egf4mavhnd
MD5

5aa3b8776d9ed8d8fd8b520ed2592d96
SHA1

2dfae30f5003d858e7121fcbcfbc31ce9a0b1802
SHA256

01d342c50ab6cbfbf775fa1112c16884dd6c94eed4aee27e938b3991e8d3eaf4
SHA512

d93337d642d35190ff0f3c89a3d043a3a10609c67e706eb98ddfda730e1237f5e6ed5649fba4affdcb65b0fe8456410365112689cb654ed3551b0191f1b1f4da
SSDEEP

98304:Cj/BZ4orapAWVkadq3eLAzWD9r1ZdefCg8OmUi6SB+9daiVF+v14PJWTRxQxe:I/UiaKgXE+9YKg8O/W8dVF+v1txQY

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

01d342c50ab6cbfbf775fa1112c16884dd6c94eed4aee27e938b3991e8d3eaf4.exe

Resource

win10v2004-20240611-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

01d342c50ab6cbfbf775fa1112c16884dd6c94eed4aee27e938b3991e8d3eaf4.exe

Resource

win11-20240611-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  01d342c50ab6cbfbf775fa1112c16884dd6c94eed4aee27e938b3991e8d3eaf4
- Size
  
  5.0MB
- MD5
  
  5aa3b8776d9ed8d8fd8b520ed2592d96
- SHA1
  
  2dfae30f5003d858e7121fcbcfbc31ce9a0b1802
- SHA256
  
  01d342c50ab6cbfbf775fa1112c16884dd6c94eed4aee27e938b3991e8d3eaf4
- SHA512
  
  d93337d642d35190ff0f3c89a3d043a3a10609c67e706eb98ddfda730e1237f5e6ed5649fba4affdcb65b0fe8456410365112689cb654ed3551b0191f1b1f4da
- SSDEEP
  
  98304:Cj/BZ4orapAWVkadq3eLAzWD9r1ZdefCg8OmUi6SB+9daiVF+v14PJWTRxQxe:I/UiaKgXE+9YKg8O/W8dVF+v1txQY
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy