socks5systemz | 5146cd3ad1333f72cbe2c3cb8980aaf7ddb6b710fedda50a5b16b999eea74f16 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

5146cd3ad1333f72cbe2c3cb8980aaf7ddb6b710fedda50a5b16b999eea74f16
Size

5.2MB
Sample

240701-nh8dyayera
MD5

1f96023e14cc34235cd501eef1557192
SHA1

609d0fe1544cb0cc54eb0d63c9677e49236bcc5d
SHA256

5146cd3ad1333f72cbe2c3cb8980aaf7ddb6b710fedda50a5b16b999eea74f16
SHA512

6c0a4aae331d88e0268f903c2a0fd0d2edb218ec224e36419da27f199c955253c840de9ae5de3fc46c4a2c5433393518d24f0da8ec316faabcccba5f1ae169ba
SSDEEP

98304:CH7JcgOyGfN8FCUpRTUyC/3f4NHdzGN4X2ONUZOgnMrz2ML+Qxle:ScMIICU3TUXk9zG2XYpqwQK

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5146cd3ad1333f72cbe2c3cb8980aaf7ddb6b710fedda50a5b16b999eea74f16.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

5146cd3ad1333f72cbe2c3cb8980aaf7ddb6b710fedda50a5b16b999eea74f16.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  5146cd3ad1333f72cbe2c3cb8980aaf7ddb6b710fedda50a5b16b999eea74f16
- Size
  
  5.2MB
- MD5
  
  1f96023e14cc34235cd501eef1557192
- SHA1
  
  609d0fe1544cb0cc54eb0d63c9677e49236bcc5d
- SHA256
  
  5146cd3ad1333f72cbe2c3cb8980aaf7ddb6b710fedda50a5b16b999eea74f16
- SHA512
  
  6c0a4aae331d88e0268f903c2a0fd0d2edb218ec224e36419da27f199c955253c840de9ae5de3fc46c4a2c5433393518d24f0da8ec316faabcccba5f1ae169ba
- SSDEEP
  
  98304:CH7JcgOyGfN8FCUpRTUyC/3f4NHdzGN4X2ONUZOgnMrz2ML+Qxle:ScMIICU3TUXk9zG2XYpqwQK
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy