socks5systemz

General

Target

2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
Size

4.8MB
Sample

240613-zgd99azclc
MD5

f932f45d6586f5b7643c0d23a0d03183
SHA1

d42f323c017e4332b58e1f8a309f271000af0cae
SHA256

2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
SHA512

849491f1edfe2f772ca5ee14b510401337e9fe21c89d60234c271492c62f0c75b28491c91038f24583cc80e84efe272ac5177133c29f82ca7229d82ff73d80ae
SSDEEP

98304:mWlruAtDxyTMUwPFbluZa+NpaDzR3io9+C3byDS/vwQLe:3lrwTCbYQjXRSoY6eqwf

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

bodcodq.com

http://bodcodq.com/search/?q=67e28dd83f08f52f150eab187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ae8889b5e4fa9281ae978f471ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608ff712c1ee96993b

http://bodcodq.com/search/?q=67e28dd83f08f52f150eab187c27d78406abdd88be4b12eab517aa5c96bd86e890834e96148ab2865b77f80ebad9c20f7cb63037ed2ab423a4314383ba915d911ec07bb606a0708727e40ea678c45abbe74ffb0e2807e12571c17f3e83fe16c1e7969b3ace6c96

bxayrgu.com

Targets

- Target
  
  2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
- Size
  
  4.8MB
- MD5
  
  f932f45d6586f5b7643c0d23a0d03183
- SHA1
  
  d42f323c017e4332b58e1f8a309f271000af0cae
- SHA256
  
  2ca3e7b899022ef1d41e3f6b6de78d4b63e3e5db81b8f00db085eaa05625804d
- SHA512
  
  849491f1edfe2f772ca5ee14b510401337e9fe21c89d60234c271492c62f0c75b28491c91038f24583cc80e84efe272ac5177133c29f82ca7229d82ff73d80ae
- SSDEEP
  
  98304:mWlruAtDxyTMUwPFbluZa+NpaDzR3io9+C3byDS/vwQLe:3lrwTCbYQjXRSoY6eqwf
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2