socks5systemz

General

Target

fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861
Size

4.7MB
Sample

240608-xgp1msef41
MD5

f9cfd8f9afb7ee87e7ad049b7a92423f
SHA1

cf336b758b82d17f8be83a5d93c7d5aebd0e4638
SHA256

fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861
SHA512

388ca19270ca8addf4e93d4ab9c3225cdefba6afaf0061d11030f09c57fc0372e5b1bb86f9d5cb902354a4d13d8afffec3e073ac6027fdc4ea6d15e2d8f9fcac
SSDEEP

98304:mMX40drbC2Z+oMvtyIGM1ONsQNaMZE8Q0jEy0mKPrM/cqPFyvH66:5/Fn0FJzONfeNy9Y80x

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

aavqusd.ru

http://aavqusd.ru/search/?q=67e28dd83e5cfa2f440afa1d7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a471ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff819c7ed939f3b

http://aavqusd.ru/search/?q=67e28dd83e5cfa2f440afa1d7c27d78406abdd88be4b12eab517aa5c96bd86ef928248875a8bbc896c58e713bc90c91936b5281fc235a925ed3e07d6bd974a95129070b616e96cc92be510b866db52b2e34aec4c2b14a82966836f23d7f210c7ee92923ccf699316

buoihid.com

http://buoihid.com/search/?q=67e28dd83954f37e1207fe177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa45e8889b5e4fa9281ae978f671ea771795af8e05c645db22f31dfe339426fa12a466c553adb719a9577e55b8603e983a608ff819c7ed939e32

http://buoihid.com/search/?q=67e28dd83954f37e1207fe177c27d78406abdd88be4b12eab517aa5c96bd86eb90804b815a8bbc896c58e713bc90c91036b5281fc235a925ed3e55d6bd974a95129070b616e96cc92be510b866db51b9e34eed4c2b14a82966836f23d7f210c7ee92923ccf69921f

Targets

- Target
  
  fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861
- Size
  
  4.7MB
- MD5
  
  f9cfd8f9afb7ee87e7ad049b7a92423f
- SHA1
  
  cf336b758b82d17f8be83a5d93c7d5aebd0e4638
- SHA256
  
  fdd9b956e7a373fbd8b41514b78a19637b3d033f18a98aab2dec7e90a4f53861
- SHA512
  
  388ca19270ca8addf4e93d4ab9c3225cdefba6afaf0061d11030f09c57fc0372e5b1bb86f9d5cb902354a4d13d8afffec3e073ac6027fdc4ea6d15e2d8f9fcac
- SSDEEP
  
  98304:mMX40drbC2Z+oMvtyIGM1ONsQNaMZE8Q0jEy0mKPrM/cqPFyvH66:5/Fn0FJzONfeNy9Y80x
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2