socks5systemz | 2edc52c9ad1c1f94d524e06c3ee082d9eb06b3dc1d089fdbf0dfaa04908bdc65 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

2edc52c9ad1c1f94d524e06c3ee082d9eb06b3dc1d089fdbf0dfaa04908bdc65
Size

5.4MB
Sample

240702-y2lz6axbrh
MD5

bff04db0cced6dfafc1788b335e25283
SHA1

6763f723f220e37bb218decab6ce66e0d934d53a
SHA256

2edc52c9ad1c1f94d524e06c3ee082d9eb06b3dc1d089fdbf0dfaa04908bdc65
SHA512

381c9d129d6f05ca8227885e36b84f32a9ab10a50eca213bb09fda4210d80bc03135d7547b04f10f963de3bbee656b0e5c4e6526f9ab5b62bb86089b40cf013a
SSDEEP

98304:CuJY5SfcsBRA1fvoeiag4f77VaXg85Hx3PZB2FTPbI4K+Uyx5vVcEfQxla:zmYfcIefBg41Mg85HFPZBYbI4KS5v6mt

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2edc52c9ad1c1f94d524e06c3ee082d9eb06b3dc1d089fdbf0dfaa04908bdc65.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

2edc52c9ad1c1f94d524e06c3ee082d9eb06b3dc1d089fdbf0dfaa04908bdc65.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2edc52c9ad1c1f94d524e06c3ee082d9eb06b3dc1d089fdbf0dfaa04908bdc65
- Size
  
  5.4MB
- MD5
  
  bff04db0cced6dfafc1788b335e25283
- SHA1
  
  6763f723f220e37bb218decab6ce66e0d934d53a
- SHA256
  
  2edc52c9ad1c1f94d524e06c3ee082d9eb06b3dc1d089fdbf0dfaa04908bdc65
- SHA512
  
  381c9d129d6f05ca8227885e36b84f32a9ab10a50eca213bb09fda4210d80bc03135d7547b04f10f963de3bbee656b0e5c4e6526f9ab5b62bb86089b40cf013a
- SSDEEP
  
  98304:CuJY5SfcsBRA1fvoeiag4f77VaXg85Hx3PZB2FTPbI4K+Uyx5vVcEfQxla:zmYfcIefBg41Mg85HFPZBYbI4KS5v6mt
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy