General
Target
systembc.exe
Size
37KB
Sample
210721-nrs5b3vf9x
MD5
8fa05b4bb735337625a1a0bc8c1e643c
SHA1
7628c5da3383690e548bbc24317c5d7bbb168def
SHA256
39e7c94d3d5e7b7b316d87d61daea6ac78f47ebeb6fce586322e6e645db5e5e3
SHA512
e3aa1ca9086e4464f3876de3ddf2ee7b118470ec7c0e783e9e329b281316b16b63f858e646eb69ba97e3f9fffabe6a4f1c6ba20d5e10862c8bfc7fc2d876edb1
Static task
static1
Behavioral task
behavioral1
Sample
systembc.exe.dll
Resource
win7v20210408
Malware Config
Extracted
systembc
149.248.34.200:4001
Targets
Target
systembc.exe
Blocklisted process makes network request

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.