socks5systemz

General

Target

ef7bb8f96b97392ee285a9116f01456266a3a49d79b8489ad83455c3b4ff1f20
Size

5.4MB
Sample

240627-3hdxnaybqe
MD5

46eadbb3fbd4d7c71db9aa8c4ef522ff
SHA1

362230f0afeaa0138429d02235c1ea91aa16c31d
SHA256

ef7bb8f96b97392ee285a9116f01456266a3a49d79b8489ad83455c3b4ff1f20
SHA512

e2e7c329d17a72206a010c8c72e8d5ebd4432c3f4eea2974340aeac22845fef5a14a23aa0631e24eb317dcefd517e7ec37d3d8f595cece306ac1634cf9da81d6
SSDEEP

98304:mWZC6ahEftG8VVGlNLRFZLe3D5u3Hla1m7u95t1ElxDtFVZ3RTqG+JOS7ueQ+1MI:bBaMbGldRFZLeTIVa1cuBCno7uerWfU7

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

bwkdssv.com

http://bwkdssv.com/search/?q=67e28dd86f5ff42d4509ac187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6e8bfc10c1ee92

gdrjixr.com

http://gdrjixr.com/search/?q=67e28dd86f5ff42d4509ac187c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4de8889b5e4fa9281ae978f771ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923a6e8bfc10c1ee92

ddellbo.info

http://ddellbo.info/search/?q=67e28dd8655bf57a4609f84c7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa48e8889b5e4fa9281ae978ff71ea771795af8e05c645db22f31dfe339426fa11a366c350adb719a9577e55b8603e983a608ff614c3ee949a3c

Targets

- Target
  
  ef7bb8f96b97392ee285a9116f01456266a3a49d79b8489ad83455c3b4ff1f20
- Size
  
  5.4MB
- MD5
  
  46eadbb3fbd4d7c71db9aa8c4ef522ff
- SHA1
  
  362230f0afeaa0138429d02235c1ea91aa16c31d
- SHA256
  
  ef7bb8f96b97392ee285a9116f01456266a3a49d79b8489ad83455c3b4ff1f20
- SHA512
  
  e2e7c329d17a72206a010c8c72e8d5ebd4432c3f4eea2974340aeac22845fef5a14a23aa0631e24eb317dcefd517e7ec37d3d8f595cece306ac1634cf9da81d6
- SSDEEP
  
  98304:mWZC6ahEftG8VVGlNLRFZLe3D5u3Hla1m7u95t1ElxDtFVZ3RTqG+JOS7ueQ+1MI:bBaMbGldRFZLeTIVa1cuBCno7uerWfU7
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2