socks5systemz

General

Target

654843da1e795cd96f721da9756d241fb8d1e608ff7336957474d6e5d222fdb2
Size

4.8MB
Sample

240503-2cfcvsah35
MD5

4d34898a00b3a5451f916746a76c3f15
SHA1

291cd4f0f347318cc0da86cada87e74469d68dfd
SHA256

654843da1e795cd96f721da9756d241fb8d1e608ff7336957474d6e5d222fdb2
SHA512

4890cc5608d42fb1a275958443b06f62e23150ca80dc3ada450115f9792b5e88f8094798ad33d9f579c35d3d74cc88f662accca8c3b107e41b90deac2205a276
SSDEEP

98304:+Z3JkFGEGI0cVu2TtfhFE+ypCwE0KrqNSXByOFVsJYaXeVDW8qE2YVcbSbgt77dJ:C3JkFGq0Wu2Tlh8CP0mqE7FVsJViDOlZ

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

http://bvvruim.com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6389f814c2ed92

http://buboqab.com/search/?q=67e28dd86809f27b415ba51b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa1de8889b5e4fa9281ae978a771ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ffb16c7ea97983f

Targets

- Target
  
  654843da1e795cd96f721da9756d241fb8d1e608ff7336957474d6e5d222fdb2
- Size
  
  4.8MB
- MD5
  
  4d34898a00b3a5451f916746a76c3f15
- SHA1
  
  291cd4f0f347318cc0da86cada87e74469d68dfd
- SHA256
  
  654843da1e795cd96f721da9756d241fb8d1e608ff7336957474d6e5d222fdb2
- SHA512
  
  4890cc5608d42fb1a275958443b06f62e23150ca80dc3ada450115f9792b5e88f8094798ad33d9f579c35d3d74cc88f662accca8c3b107e41b90deac2205a276
- SSDEEP
  
  98304:+Z3JkFGEGI0cVu2TtfhFE+ypCwE0KrqNSXByOFVsJYaXeVDW8qE2YVcbSbgt77dJ:C3JkFGq0Wu2Tlh8CP0mqE7FVsJViDOlZ
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2