General

  • Target

    776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2

  • Size

    359KB

  • Sample

    220324-qzyxyahgg6

  • MD5

    e7257f950392e2d066876e0f2c0f4edc

  • SHA1

    85d70a406fec548e52086ea5da1c7d106be5c2c9

  • SHA256

    776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2

  • SHA512

    885a33de76be19e876299a7e030e80ce734065d2bf46a0cea2900ea706197e6abf898ee24929e26040748a0fd1be53ae96d891b76051cce56f7bd34cb2e7690d

Score
10/10

Malware Config

Extracted

Family

systembc

C2

172.105.196.152:4114

Targets

    • Target

      776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2

    • Size

      359KB

    • MD5

      e7257f950392e2d066876e0f2c0f4edc

    • SHA1

      85d70a406fec548e52086ea5da1c7d106be5c2c9

    • SHA256

      776dea13d3659a794cea95d8df98ef04d467959bf77358dba1ec06fb80a24bc2

    • SHA512

      885a33de76be19e876299a7e030e80ce734065d2bf46a0cea2900ea706197e6abf898ee24929e26040748a0fd1be53ae96d891b76051cce56f7bd34cb2e7690d

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v6

Tasks