socks5systemz

General

Target

cab641cc941789b948c84f354c83a67b9684ecaee4ffad7981316931ffb903c1.exe
Size

4.2MB
Sample

250318-kfrfvs1pz3
MD5

a6c09deec506d071cec0878397a20d48
SHA1

6ac287f90b4372615f1c0c7287acdc8eec796c0c
SHA256

cab641cc941789b948c84f354c83a67b9684ecaee4ffad7981316931ffb903c1
SHA512

7db70ec5775c77e43713cc83eae19bc0b678f4ab724afa536d0032e6433f77942271c0e325fd098366707815f83eb0d6f3dcde9f0f8d5c5c262a47237cecee77
SSDEEP

98304:iEEUwKP/axciBQq5gBd7mMVnMNlNtZkGOLKnsoaLPM0je3HEv0C:/0KP/altgBoMhu3iLKsor3kv0C

Score

10^/10

Malware Config

Extracted

Family

socks5systemz

C2

cklewaj.net

http://cklewaj.net/search/?q=67e28dd83a5ca421460bad497c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a371ea771795af8e05c645db22f31df92d8b38e316a667d307eca743ec4c2b07b52966923f658cf717c8eb95

http://cklewaj.net/search/?q=67e28dd83a5ca421460bad497c27d78406abdd88be4b12eab517aa5c96bd86e995814f845a8bbc896c58e713bc90c91936b5281fc235a925ed3e00d6bd974a95129070b616e96cc92be20ea778c255bbe258b90d3b4eed3233d1626a8ff815c2ed9d9c33c96f

aabowdj.ru

http://aabowdj.ru/search/?q=67e28dd83a09f729130ead4a7c27d78406abdd88be4b12ebb517aa5c96bd86ed82df14d714bca5817673aa4ce8889b5e4fa9281ae978a271ea771795af8e05c645db22f31dfe339426fa11af66c152adb719a9577e55b8603e983a608afd13c8e99d9933

Targets

- Target
  
  cab641cc941789b948c84f354c83a67b9684ecaee4ffad7981316931ffb903c1.exe
- Size
  
  4.2MB
- MD5
  
  a6c09deec506d071cec0878397a20d48
- SHA1
  
  6ac287f90b4372615f1c0c7287acdc8eec796c0c
- SHA256
  
  cab641cc941789b948c84f354c83a67b9684ecaee4ffad7981316931ffb903c1
- SHA512
  
  7db70ec5775c77e43713cc83eae19bc0b678f4ab724afa536d0032e6433f77942271c0e325fd098366707815f83eb0d6f3dcde9f0f8d5c5c262a47237cecee77
- SSDEEP
  
  98304:iEEUwKP/axciBQq5gBd7mMVnMNlNtZkGOLKnsoaLPM0je3HEv0C:/0KP/altgBoMhu3iLKsor3kv0C
Score

10^/10

socks5systemz botnet discovery
- Detect Socks5Systemz Payload
- Socks5Systemz
  Socks5Systemz is a botnet written in C++.
  botnet socks5systemz
- Socks5systemz family
  socks5systemz
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detect Socks5Systemz Payload

Socks5systemz family

Executes dropped EXE

Loads dropped DLL

Unexpected DNS network traffic destination

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2