socks5systemz

General

Target

4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
Size

4.9MB
Sample

240613-2smrwatepf
MD5

82767654689854be5c9674ffd30907ae
SHA1

ad6810fc6098ea35375f15beba8209304da4963b
SHA256

4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
SHA512

fb3b73d2a0d27217dacde391b1f938f36cc670ccfabcfdce92b956de95b30da91504f6374cc22b273b24e9ba8d77317409141ed79c49933817a3cd912abadcfe
SSDEEP

98304:mY0ti2v0z4b7Kks6eD7NyedQ/NAiAlfKSoBe+sBpi1s1/J:vS3vFbm7NXsv+iAfKSo8+o2s1/J

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

bpnuoii.com

http://bpnuoii.com/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfe18c1ee96

bbniduy.com

http://bbniduy.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f571ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e6949b3a

http://bbniduy.com/search/?q=67e28dd86d5ff028450dff177c27d78406abdd88be4b12eab517aa5c96bd86e991814b845a8bbc896c58e713bc90c91936b5281fc235a925ed3e56d6bd974a95129070b616e96cc92be510b866db52bee348ee4c2b14a82966836f23d7f210c7ee9d993ac46e9717

Targets

- Target
  
  4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
- Size
  
  4.9MB
- MD5
  
  82767654689854be5c9674ffd30907ae
- SHA1
  
  ad6810fc6098ea35375f15beba8209304da4963b
- SHA256
  
  4ac714c2eb6793310a0b35ab5f29ba26e7f14dc3d793971704daaabccdc6277c
- SHA512
  
  fb3b73d2a0d27217dacde391b1f938f36cc670ccfabcfdce92b956de95b30da91504f6374cc22b273b24e9ba8d77317409141ed79c49933817a3cd912abadcfe
- SSDEEP
  
  98304:mY0ti2v0z4b7Kks6eD7NyedQ/NAiAlfKSoBe+sBpi1s1/J:vS3vFbm7NXsv+iAfKSo8+o2s1/J
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2