socks5systemz | 85e9ec7124a91f7d050a16bd2d4bc40e32ec6a6986badeb0b3d5859774264a9e | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

85e9ec7124a91f7d050a16bd2d4bc40e32ec6a6986badeb0b3d5859774264a9e
Size

5.1MB
Sample

240702-xdn9yaveqe
MD5

ea2fba9682c840a63782fbe9375d332b
SHA1

f3f1360ecd737485a64a46a3c059219a216f9835
SHA256

85e9ec7124a91f7d050a16bd2d4bc40e32ec6a6986badeb0b3d5859774264a9e
SHA512

716b24435b8f06cc4e5e72478e454983324a21bd53b72de4c404ac006816629f89dc1a9e6b3b1243436372c66dd5e94bb87773a88d439dd790d2797f896cd870
SSDEEP

98304:CXMNtEFVKFd9zvly4N0Q4v84lFZM9ifkd61sVyWhruBw+JzTsf1Qxla:BzFXzvDiFWk/whEwJQva

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

85e9ec7124a91f7d050a16bd2d4bc40e32ec6a6986badeb0b3d5859774264a9e.exe

Resource

win10v2004-20240611-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

85e9ec7124a91f7d050a16bd2d4bc40e32ec6a6986badeb0b3d5859774264a9e.exe

Resource

win11-20240611-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  85e9ec7124a91f7d050a16bd2d4bc40e32ec6a6986badeb0b3d5859774264a9e
- Size
  
  5.1MB
- MD5
  
  ea2fba9682c840a63782fbe9375d332b
- SHA1
  
  f3f1360ecd737485a64a46a3c059219a216f9835
- SHA256
  
  85e9ec7124a91f7d050a16bd2d4bc40e32ec6a6986badeb0b3d5859774264a9e
- SHA512
  
  716b24435b8f06cc4e5e72478e454983324a21bd53b72de4c404ac006816629f89dc1a9e6b3b1243436372c66dd5e94bb87773a88d439dd790d2797f896cd870
- SSDEEP
  
  98304:CXMNtEFVKFd9zvly4N0Q4v84lFZM9ifkd61sVyWhruBw+JzTsf1Qxla:BzFXzvDiFWk/whEwJQva
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy