General

  • Target

    parallax.exe

  • Size

    37KB

  • Sample

    210721-7p5r49cvgs

  • MD5

    4a7bed74f3cf9646b8417195b5e6f4c6

  • SHA1

    5fad487e6e1beb22f20abb653343a0dca8c73b1d

  • SHA256

    353960d78bf700a0b4a0ea1d41df188f0cc0a3c5a178b73ac64aca01ee3fdb4d

  • SHA512

    349a8c5723e0aaf25d743490deea913e5da439394d135e7a9691ffc5618d4bdc3220f06def639a4d611f94c77729471fa6b8c6eac600ba2495db95a95784d8e4

Score
10/10

Malware Config

Extracted

Family

systembc

C2

149.248.34.200:4001

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control

    Connection Proxy (T1090): 1 hit
