socks5systemz | 72548a1278db98f50a28ba55ab38a25977425a4f3d96c21c4f23a38e0c09a7fa | Triage

Submit
Reports

Overview

overview

Static

static

3

cryptolaemus

windows10-2004-x64

cryptolaemus

windows11-21h2-x64

Sharing

General

Target

72548a1278db98f50a28ba55ab38a25977425a4f3d96c21c4f23a38e0c09a7fa
Size

5.2MB
Sample

240703-l6hr3s1gkl
MD5

91095c7ee8dcd6b346390ed45cecee89
SHA1

cb62616f0846c891e6c1557fcd551e4671b52f43
SHA256

72548a1278db98f50a28ba55ab38a25977425a4f3d96c21c4f23a38e0c09a7fa
SHA512

423f3a5c82d60a8d3eb26cdea89c18dff7c7d388ee65ea00009c50f3571876dc0d8c47dcc74ead1adfc1a0cdfc0b070e54745e0aea9d9552bd2cfdad0c1d19fb
SSDEEP

98304:CvOV4nzFMdUlhNKRCKY2/SGzVvM0Ouj7HHXZ+3rUlLdQ0py3nTpElQxb:gnpqQhsUw/SEhHXZ+bU80pyDpuQ5

Score

10^/10

socks5systemz botnet discovery

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

72548a1278db98f50a28ba55ab38a25977425a4f3d96c21c4f23a38e0c09a7fa.exe

Resource

win10v2004-20240611-en

socks5systemz botnet discovery

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

72548a1278db98f50a28ba55ab38a25977425a4f3d96c21c4f23a38e0c09a7fa.exe

Resource

win11-20240611-en

socks5systemz botnet discovery

windows11-21h2-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  72548a1278db98f50a28ba55ab38a25977425a4f3d96c21c4f23a38e0c09a7fa
- Size
  
  5.2MB
- MD5
  
  91095c7ee8dcd6b346390ed45cecee89
- SHA1
  
  cb62616f0846c891e6c1557fcd551e4671b52f43
- SHA256
  
  72548a1278db98f50a28ba55ab38a25977425a4f3d96c21c4f23a38e0c09a7fa
- SHA512
  
  423f3a5c82d60a8d3eb26cdea89c18dff7c7d388ee65ea00009c50f3571876dc0d8c47dcc74ead1adfc1a0cdfc0b070e54745e0aea9d9552bd2cfdad0c1d19fb
- SSDEEP
  
  98304:CvOV4nzFMdUlhNKRCKY2/SGzVvM0Ouj7HHXZ+3rUlLdQ0py3nTpElQxb:gnpqQhsUw/SEhHXZ+bU80pyDpuQ5
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

socks5systemzbotnetdiscovery

behavioral2

socks5systemzbotnetdiscovery

© 2018-2024

Terms | Privacy