Overview

overview

10

Static

static

a33bce78c3...da.exe

windows7_x64

10

a33bce78c3...da.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a33bce78c3d2f661f520dfd920567413fdc6c9a213c3d0f6a574f0d9ffa6e6da

  • Size

    285KB

  • Sample

    220326-h8wj6seefn

  • MD5

    d1cd66d2dca341712b4c6e15649d4a8e

  • SHA1

    8cde8dd0bd6271a55fb4de53713255d294ca1b80

  • SHA256

    a33bce78c3d2f661f520dfd920567413fdc6c9a213c3d0f6a574f0d9ffa6e6da

  • SHA512

    39c7be90423d291ea73ee08704024a741cd68e395f46de33d16d2e538a99f4ca58c35f998376814203606e634121fd973311a9621b77e0ab66afb144db32d1e9

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

    • Target

      a33bce78c3d2f661f520dfd920567413fdc6c9a213c3d0f6a574f0d9ffa6e6da

    • Size

      285KB

    • MD5

      d1cd66d2dca341712b4c6e15649d4a8e

    • SHA1

      8cde8dd0bd6271a55fb4de53713255d294ca1b80

    • SHA256

      a33bce78c3d2f661f520dfd920567413fdc6c9a213c3d0f6a574f0d9ffa6e6da

    • SHA512

      39c7be90423d291ea73ee08704024a741cd68e395f46de33d16d2e538a99f4ca58c35f998376814203606e634121fd973311a9621b77e0ab66afb144db32d1e9

    Score
    10/10
    systembcsuricatatrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks