Proxybox
Classification: HIGH RISK
Online IPs: 20,875
Gateway: 178.16.55.185:47814
Protocols: SOCKS5, HTTP, DIRECT
Website: proxybox.io
Proxybox is a proxy service powered by the Socks5Systemz botnet. The service distributes a heavily obfuscated loader disguised as a legitimate application. The loader installs the Socks5Systemz malware on victim machines, which then join the botnet and provide proxy services to Proxybox customers.
Observables
Network Observables
| IP Address | ASN | ASN Name | Country | Description |
|---|---|---|---|---|
| 178[.]16[.]53[.]192 | AS214943 | RAILNET | US | C2 Server |
| 86[.]54[.]42[.]188 | AS42624 | swissnetwork02 | SC | C2 Server |
| 45[.]11[.]182[.]82 | AS42708 | GLESYS | SE | C2 Server |
| 142[.]132[.]212[.]125:1000 | AS24940 | Hetzner Online GmbH | DE | Relay Server |
| 65[.]108[.]127[.]141:1000 | AS24940 | Hetzner Online GmbH | FI | Relay Server |
File Observables
| SHA-256 | Filename | Description |
|---|---|---|
| e4652015451b4c0e2a288e70d3f9900cbaf9d3f5e48ef0861f4ae1ec645792fb | Stage 1 loader | Socks5Systemz Stage 1 loader |
| e82b1cd545da66c5e44fc9b83cedb81bf49377d206e9ac5385c1b25d9c241a6a | Stage 2 loader | Socks5Systemz Stage 2 loader |
| 08e4910a66629286a67eb6e5097bf0efdd051d21657dec1e1d1c8af28cd5e1bf | Unpacked module | Socks5Systemz unpacked module |
Host Observables
| Path | Description |
|---|---|
| C:\ProgramData\GameBackupManager | Loader installation directory |
| C:\ProgramData\QW14102it%d.dat | Temporary file |
| C:\ProgramData\QW14102resa.dat | Temporary file |
| C:\Users\<user>\AppData\Local\Game Backup Manager 1.1.2.4363 | Application directory |
Top Countries (185 total)
| Country | Online IPs | Share |
|---|---|---|
| Russia | 2,882 | 13.8% |
| India | 2,390 | 11.4% |
| Indonesia | 1,016 | 4.9% |
| Vietnam | 893 | 4.3% |
| Bangladesh | 883 | 4.2% |
| Ukraine | 738 | 3.5% |
| Brazil | 708 | 3.4% |
| Philippines | 659 | 3.2% |
| Pakistan | 637 | 3.1% |
| Egypt | 525 | 2.5% |