Extracted

• • Target

    right-arrow.svg

  • Size

    942B

  • MD5

    082515300dff3450faa8780515be7d49

  • SHA1

    5c26504a54ba6d7c9dd2b4eeb3c2b4232a4af9b1

  • SHA256

    a95a3d988edb17d894e845c6b4055e59ed773bd2d7e10bdea43a9de3bb498100

  • SHA512

    c35a439b2a0232336c821c6bb883936b71d92ef58b1698b605069577fa81bfb444a6b1c40084d6b6585ca4f961b5e3a5bb5fa8c39988dd17a53ebbcef326abc6

  Score

  10^/10

  socks5systemzbotnetdiscoveryexecutionpersistenceprivilege_escalationspywarestealer

  • Detect Socks5Systemz Payload

  • Socks5Systemz

    Socks5Systemz is a botnet written in C++.

    botnetsocks5systemz

  • Blocklisted process makes network request

  • Command and Scripting Interpreter: PowerShell

    Run Powershell and hide display window.

    execution

  • Downloads MZ/PE file

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Drops Chrome extension

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  behavioral1