General

  • Target: 572eb88ef3e508c0556d55b4e7f649bd.exe

  • Size: 237KB

  • Sample: 220321-j3ak7aafal

  • MD5: 572eb88ef3e508c0556d55b4e7f649bd

  • SHA1: a2251c07ea52e9886be15835d45eac41c24af78d

  • SHA256: bad62abd7ad29c3d1379bd06439b3208549ceff63772420104c1b322a4abc810

  • SHA512: 8f9ed7ae2b94a3a6cb7e70a7192509d5dc8a8d728bedcdd01c2129608edbc0fc5c6b487733de72d54ba7dda438df7887381669466759d3e5bd8a8835b32335e9

Malware Config

Extracted

  • Family: systembc

  • C2: 31.44.185.6:4001, 31.44.185.11:4001

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • suricata: ET MALWARE Win32/SystemBC CnC Checkin

    • Downloads MZ/PE file

    • Executes dropped EXE
