General

  • Target

    34aafc02c00121fa34646aeb5abdd1c253ed74817d82a53c6b38f643b52081ce

  • Size

    3.7MB

  • Sample

    240811-mjpsjszdmg

  • MD5

    4d3dcc0efebaa29fc6dfa41fda013c6f

  • SHA1

    d43de39edcf393773370ae718ebde60c022ee495

  • SHA256

    34aafc02c00121fa34646aeb5abdd1c253ed74817d82a53c6b38f643b52081ce

  • SHA512

    3460b71f1054fe0cb0f4d3542f8a93f5b1c21f92038e823d2af180a604c8c023d4c677e1ea9791cf79bb12fac2c2c771b862c0f87f3cb5107e38d11ccf100bce

  • SSDEEP

    98304:NgUDGJ0yC1egV9WtnhbF3GkJ82COiATeSaFPyb9ILDurdw:7u4odF3Gf2DiGecb9I+rG

Malware Config

Targets

    • Detect Socks5Systemz Payload

    • Socks5Systemz

      Socks5Systemz is a botnet written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks