socks5systemz

General

Target

ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
Size

5.7MB
Sample

240620-24lc7awdjm
MD5

8ae3ef0a5f771c06f8ac32eebda7b1c3
SHA1

a764284317beeadc5b316bdb08e999ca594d8cb3
SHA256

ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
SHA512

6e98f90c9bb90d3b3a68cc44826972f51fddcdfc39107141ee1829122d0828b3505995e59d7434b77cd7c918b119fa64c16c80af7bd228d97cf007afbb5491e9
SSDEEP

98304:mRqzKB0/RheeDbbPq1AU8Kn1kP7pJ1EG8oSOhujyWukuQ6x1ocKVBbyBM3RuVAk+:Ve8RjfPq1jtna/PSOhR9kubx1odDbkML

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

cerljbq.net

http://cerljbq.net/search/?q=67e28dd86a5ba0284308f94b7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978f071ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6f87fd15c9ea92

ckuvvac.net

http://ckuvvac.net/search/?q=67e28dd8655bf57a4609f84c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff718c2eb9c9f3e

Targets

- Target
  
  ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
- Size
  
  5.7MB
- MD5
  
  8ae3ef0a5f771c06f8ac32eebda7b1c3
- SHA1
  
  a764284317beeadc5b316bdb08e999ca594d8cb3
- SHA256
  
  ba728b89205a08e8a9f4b6e792ab548ad663c86100724335746a3a28874dcdbd
- SHA512
  
  6e98f90c9bb90d3b3a68cc44826972f51fddcdfc39107141ee1829122d0828b3505995e59d7434b77cd7c918b119fa64c16c80af7bd228d97cf007afbb5491e9
- SSDEEP
  
  98304:mRqzKB0/RheeDbbPq1AU8Kn1kP7pJ1EG8oSOhujyWukuQ6x1ocKVBbyBM3RuVAk+:Ve8RjfPq1jtna/PSOhR9kubx1odDbkML
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2