socks5systemz

General

Target

58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
Size

4.9MB
Sample

240613-2ych4axgpr
MD5

7a318458390dad5e32fcb14d1a4a84f4
SHA1

18af4da09a45f36bd2573b3b5f5a2f7434f442a2
SHA256

58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
SHA512

65206d28e70f2130d876c3e23a39618c7d561e9305708bec71fa81a618779bf1a2ebffe4d013cf85520cf18bbd1171f7140acb3554e76b080052546f0250731d
SSDEEP

98304:mXu2p0/zpaaQlCXkMOre73RSBunL+a7KSd3HNgXz0:MY9QAv+ej6unSzAXiD0

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

ezpfdon.ua

gwcwxdz.com

bohzevz.com

http://bohzevz.com/search/?q=67e28dd86c0ca77c400cfe4c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa44e8889b5e4fa9281ae978f271ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c1e6939a32

Targets

- Target
  
  58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
- Size
  
  4.9MB
- MD5
  
  7a318458390dad5e32fcb14d1a4a84f4
- SHA1
  
  18af4da09a45f36bd2573b3b5f5a2f7434f442a2
- SHA256
  
  58a1b5fa55d6f1aa1eb16e2a4d80da2d00ac9be1ac7af2c764baababdb7b2ce6
- SHA512
  
  65206d28e70f2130d876c3e23a39618c7d561e9305708bec71fa81a618779bf1a2ebffe4d013cf85520cf18bbd1171f7140acb3554e76b080052546f0250731d
- SSDEEP
  
  98304:mXu2p0/zpaaQlCXkMOre73RSBunL+a7KSd3HNgXz0:MY9QAv+ej6unSzAXiD0
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2