c96012bf82cc15058dd53887b068bbd8.exe

General

Target: c96012bf82cc15058dd53887b068bbd8.exe
Size: 267KB
Sample: 201214-72qzpyctx2
Score: 10/10
MD5: c96012bf82cc15058dd53887b068bbd8
SHA1: 3502862e8ef4edd8ff5a427849d8c9f38e45160d
SHA256: 36a101b5a13436dd67e2b33c2abbae7cdd86a7ed951185a1914c12685339ad74
SHA512: 315495dcba5d3624ce716ea534a1f74d7256f176b06a7dac006b64d8019ce4dc9ae67857466d1a838ab8bd02ad70fb14b4e425ab29e5e00c6ab8b19a0d94e56a

Signatures

  • SystemBC

    Description: SystemBC is a proxy and remote administration tool first seen in 2019.

  • Executes dropped EXE

  • Looks up external IP address via web service

    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications

    Description: Malware can proxy its traffic through Tor for more anonymity.

    TTPs: Connection Proxy

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10