General

  • Target

    ab80e92fbdd11c699d650a455de769d0

  • Size

    392KB

  • Sample

    210624-347bh8t89e

  • MD5

    ab80e92fbdd11c699d650a455de769d0

  • SHA1

    56fa38589ebc1653d285aaaf9f79426ac5f1d826

  • SHA256

    4fb561dbdfd2eac3757e56df1cda954fc4cdbab3da7225ea97ed3a9111ae74e5

  • SHA512

    141d58c3a36982398cc991b83f4e4d70304c7fe9f3ef1920eec6ffba4b75164f326614e34f87b03ce576b5a08d2c84e369b775570ff57d727cab6313a792b0f5

Malware Config

Extracted

  • Family

    systembc

  • C2

    65.21.93.53:4173

    95.216.118.223:4173

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Matrix ATT&CK v6

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks