socks5systemz

General

Target

b778e209008c767594504da6da6561a1dbd2f29bb5e7af80c5c9aa01a4751663
Size

4.4MB
Sample

240613-3w7rwszelj
MD5

50c802b1e6345cd8665c3fd4c4fa7ceb
SHA1

fbab3a6fffcafa02a1b2ef90273abb9926455170
SHA256

b778e209008c767594504da6da6561a1dbd2f29bb5e7af80c5c9aa01a4751663
SHA512

88b9a35648641bdc382e2aec27eaef7a56fef9808f28af8af03f7fb4b0895e19296a6d181b20bd7f5774c1f759dbf6f2ab3632060decc3d3f2c8f8a07cbc6e5d
SSDEEP

98304:myoSu22YSxeLaFcEb+Q7fNdsbOAxaL3DtN2pp2f+nR/CES2CoU:hoSu22YSx7GEb9jNdGxaL3Dapp2SjS2Q

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

ezmblol.ua

http://ezmblol.ua/search/?q=67e28dd83955a42b4006aa1b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ee8889b5e4fa9281ae978f671ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f8dfd13c8eb91

cejglwy.net

http://cejglwy.net/search/?q=67e28dd8655bf57a4609f84c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff712c2ed9d9e39

Targets

- Target
  
  b778e209008c767594504da6da6561a1dbd2f29bb5e7af80c5c9aa01a4751663
- Size
  
  4.4MB
- MD5
  
  50c802b1e6345cd8665c3fd4c4fa7ceb
- SHA1
  
  fbab3a6fffcafa02a1b2ef90273abb9926455170
- SHA256
  
  b778e209008c767594504da6da6561a1dbd2f29bb5e7af80c5c9aa01a4751663
- SHA512
  
  88b9a35648641bdc382e2aec27eaef7a56fef9808f28af8af03f7fb4b0895e19296a6d181b20bd7f5774c1f759dbf6f2ab3632060decc3d3f2c8f8a07cbc6e5d
- SSDEEP
  
  98304:myoSu22YSxeLaFcEb+Q7fNdsbOAxaL3DtN2pp2f+nR/CES2CoU:hoSu22YSx7GEb9jNdGxaL3Dapp2SjS2Q
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2