socks5systemz | 3a9ac13cb6255e6c8e46096de49681d9c82a35e5128ae22b6dcfd6366f7315b4 | Triage

Submit
Reports

Overview

overview

Static

static

3

3a9ac13cb6...b4.exe

windows7-x64

3a9ac13cb6...b4.exe

windows10-2004-x64

Sharing

General

Target

3a9ac13cb6255e6c8e46096de49681d9c82a35e5128ae22b6dcfd6366f7315b4
Size

4.9MB
Sample

240701-zdxmesyaph
MD5

dfb176122ad4f536187cb8ce0ad60ad3
SHA1

5b2d9e9f8aaf507cacc66eaadab7adb9343052aa
SHA256

3a9ac13cb6255e6c8e46096de49681d9c82a35e5128ae22b6dcfd6366f7315b4
SHA512

b341728feac15b6941c387b1f8b3ff3e9fccb580727a128f0f910d10ed0a8c508c3cad8dbbbb299d5591987ebabaf888b26a4a5fcecdab7c49b52a568fa0a177
SSDEEP

98304:CiL1eZyaXe3fxNWMg1RcKRXCwQZ/7CEm6SUpSUUMHFOF7W4h2bcC1Qxr:h1QX4DhgHcKEZjeoSw0ytbpQB

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3a9ac13cb6255e6c8e46096de49681d9c82a35e5128ae22b6dcfd6366f7315b4.exe

Resource

win7-20240221-en

socks5systemz botnet discovery

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3a9ac13cb6255e6c8e46096de49681d9c82a35e5128ae22b6dcfd6366f7315b4.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a9ac13cb6255e6c8e46096de49681d9c82a35e5128ae22b6dcfd6366f7315b4
- Size
  
  4.9MB
- MD5
  
  dfb176122ad4f536187cb8ce0ad60ad3
- SHA1
  
  5b2d9e9f8aaf507cacc66eaadab7adb9343052aa
- SHA256
  
  3a9ac13cb6255e6c8e46096de49681d9c82a35e5128ae22b6dcfd6366f7315b4
- SHA512
  
  b341728feac15b6941c387b1f8b3ff3e9fccb580727a128f0f910d10ed0a8c508c3cad8dbbbb299d5591987ebabaf888b26a4a5fcecdab7c49b52a568fa0a177
- SSDEEP
  
  98304:CiL1eZyaXe3fxNWMg1RcKRXCwQZ/7CEm6SUpSUUMHFOF7W4h2bcC1Qxr:h1QX4DhgHcKEZjeoSw0ytbpQB
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Detects executables packed with VMProtect.
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy