General

  • Target

    686b40dcb167653cb7a8463928c26af1.exe

  • Size

    9.5MB

  • Sample

    220309-y5klhaeedn

  • MD5

    686b40dcb167653cb7a8463928c26af1

  • SHA1

    d6146b6fdf516223735e4e881fa797432dff3923

  • SHA256

    595e1545c53d27fb1315e70b241e66f44b28a49be59a717ca4936d167e121470

  • SHA512

    c40d9c17e1b6d1100425b15d0f800562579b935a83e1c9b8f4099d8a4262b7287f545f4c0a00ab040c92e239fe946416242461dd712d4cb63deca5f651558f8f

Malware Config

  • Extracted

    Family

      systembc

    C2

      5.101.78.2:4127

      192.53.123.202:4127

Targets

    • Target

      686b40dcb167653cb7a8463928c26af1.exe

    • Babadeda

      Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.

    • Babadeda Crypter

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks