socks5systemz | 91127208847b0f7eb0c7ec6ddf2621e6b728c207a9706d99aac127d3dc7cb848 | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

91127208847b0f7eb0c7ec6ddf2621e6b728c207a9706d99aac127d3dc7cb848
Size

5.8MB
Sample

240703-14r1asybrm
MD5

44881901ae7c9e065f4c13c5a2d9cac2
SHA1

b318577803762dddf6f9923e17534f67ad21f8a3
SHA256

91127208847b0f7eb0c7ec6ddf2621e6b728c207a9706d99aac127d3dc7cb848
SHA512

9b37129216906c2e860c33de4426701b2f23b7f999d6c29ba09096f40ab8e19e0fc4fe4a9da454abeaa6c677cbcdeae792414cd3af12871e9b2d6382e88492b1
SSDEEP

98304:CQq3YvMyUrZz7gn9upl5JXOk9VYih0zocIn/J3mEKeX2NtJ28S0PWm1M7wKjseAV:5CYarZHgnQ7hO8VYs01InhmEFGl210XJ

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

91127208847b0f7eb0c7ec6ddf2621e6b728c207a9706d99aac127d3dc7cb848.exe

Resource

win10v2004-20240508-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

91127208847b0f7eb0c7ec6ddf2621e6b728c207a9706d99aac127d3dc7cb848.exe

Resource

win11-20240508-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  91127208847b0f7eb0c7ec6ddf2621e6b728c207a9706d99aac127d3dc7cb848
- Size
  
  5.8MB
- MD5
  
  44881901ae7c9e065f4c13c5a2d9cac2
- SHA1
  
  b318577803762dddf6f9923e17534f67ad21f8a3
- SHA256
  
  91127208847b0f7eb0c7ec6ddf2621e6b728c207a9706d99aac127d3dc7cb848
- SHA512
  
  9b37129216906c2e860c33de4426701b2f23b7f999d6c29ba09096f40ab8e19e0fc4fe4a9da454abeaa6c677cbcdeae792414cd3af12871e9b2d6382e88492b1
- SSDEEP
  
  98304:CQq3YvMyUrZz7gn9upl5JXOk9VYih0zocIn/J3mEKeX2NtJ28S0PWm1M7wKjseAV:5CYarZHgnQ7hO8VYs01InhmEFGl210XJ
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy