socks5systemz | cd463caa0bff222a5e30c782cb1b7f0a9b24b9b2f71b990d9dcfe11eb82f35b5 | Triage

Submit
Reports

Overview

overview

Static

static

3

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

cd463caa0bff222a5e30c782cb1b7f0a9b24b9b2f71b990d9dcfe11eb82f35b5
Size

5.2MB
Sample

240701-fswtwszhln
MD5

2e6b95f790b937dfbf6ced11b9ef2086
SHA1

42c5bcf0c4e8f051032b067a27d0d4eab49f09fb
SHA256

cd463caa0bff222a5e30c782cb1b7f0a9b24b9b2f71b990d9dcfe11eb82f35b5
SHA512

21c284a6e59219cef3ed029843537530709735e20d877e09fb9af98c022e693d33712df9828a8b45933b66819c01b4965b6fcd871a87549600ed0ec5ac65814d
SSDEEP

98304:C0eIiO3I9YMXusxjCoVdSTHKw2N+FEVIUbkCTQBRR7hfwMYygQxg:tee3I9T+EjCoVdSLwN+ZYeH/fV3gQC

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cd463caa0bff222a5e30c782cb1b7f0a9b24b9b2f71b990d9dcfe11eb82f35b5.exe

Resource

win7-20240508-en

socks5systemz botnet discovery

windows7-x64

9 signatures

300 seconds

Behavioral task

behavioral2

Sample

cd463caa0bff222a5e30c782cb1b7f0a9b24b9b2f71b990d9dcfe11eb82f35b5.exe

Resource

win10-20240404-en

socks5systemz botnet discovery

windows10-1703-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  cd463caa0bff222a5e30c782cb1b7f0a9b24b9b2f71b990d9dcfe11eb82f35b5
- Size
  
  5.2MB
- MD5
  
  2e6b95f790b937dfbf6ced11b9ef2086
- SHA1
  
  42c5bcf0c4e8f051032b067a27d0d4eab49f09fb
- SHA256
  
  cd463caa0bff222a5e30c782cb1b7f0a9b24b9b2f71b990d9dcfe11eb82f35b5
- SHA512
  
  21c284a6e59219cef3ed029843537530709735e20d877e09fb9af98c022e693d33712df9828a8b45933b66819c01b4965b6fcd871a87549600ed0ec5ac65814d
- SSDEEP
  
  98304:C0eIiO3I9YMXusxjCoVdSTHKw2N+FEVIUbkCTQBRR7hfwMYygQxg:tee3I9T+EjCoVdSLwN+ZYeH/fV3gQC
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy