socks5systemz

General

Target

SecuriteInfo.com.Trojan.Win32.Crypt.32471.3146.exe
Size

2.0MB
Sample

240307-z56dmsfa6t
MD5

e771b3e8f5d1edff5abfff3baf6e712b
SHA1

02c048112d45716ff703207d041ddebcd7d961d1
SHA256

659240bbe35456b042af8a30ef5c786b65ed084de60d7a9ad0a286f6eba884a0
SHA512

7c0a7d288ea558e30d0ca7b61566b37247d29be60e211be157b7a4b33e42461f46b982423d54fa11a13717df5be8f063ca51a627813f79afa1a478b40d8d4bfb
SSDEEP

49152:C9r4Y1ZSgPogEV+goIDOxkaliEiDmBctvRnw2Ihi9rdE67kW5X:Mr4gcfdDOTvBCpmgRT

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

http://bpytubd.com/search/?q=67e28dd83958f721120bac1a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4fe8889b5e4fa9281ae978f471ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923b6e86fb17c4ee92

http://bpytubd.com/search/?q=67e28dd83958f721120bac1a7c27d78406abdd88be4b12eab517aa5c96bd86e8968e4c885a8bbc896c58e713bc90c91a36b5281fc235a925ed3e57d6bd974a95129070b616e96cc92be20ea778c255bbe258b90d3b4eed3233d1626a8ff811c9e7919c3fcc68

http://bdefbee.com/search/?q=67e28dd86f5af1211209a81b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978f071ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ef619c4e9919b3f

Targets

- Target
  
  SecuriteInfo.com.Trojan.Win32.Crypt.32471.3146.exe
- Size
  
  2.0MB
- MD5
  
  e771b3e8f5d1edff5abfff3baf6e712b
- SHA1
  
  02c048112d45716ff703207d041ddebcd7d961d1
- SHA256
  
  659240bbe35456b042af8a30ef5c786b65ed084de60d7a9ad0a286f6eba884a0
- SHA512
  
  7c0a7d288ea558e30d0ca7b61566b37247d29be60e211be157b7a4b33e42461f46b982423d54fa11a13717df5be8f063ca51a627813f79afa1a478b40d8d4bfb
- SSDEEP
  
  49152:C9r4Y1ZSgPogEV+goIDOxkaliEiDmBctvRnw2Ihi9rdE67kW5X:Mr4gcfdDOTvBCpmgRT
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2