General

  • Target

    64efd694a2e536ed7265fb46da5198788d895a9b7b9c2434404209b61c143a5f

  • Size

    255KB

  • Sample

    220327-3e5k7saeaq

  • MD5

    142939679afaeaf6cf66d3b80ea7d63e

  • SHA1

    149465fd8b48f262bcf361047bb8035b5b1f33a2

  • SHA256

    64efd694a2e536ed7265fb46da5198788d895a9b7b9c2434404209b61c143a5f

  • SHA512

    bed423909f581415e80bf44960c5415f2527eee02cfd39b6201c1d67831be1dbefe27d58b27e4118cfddbeee42251596fa1f6e8912d6b22143dd75cf455561b8

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Targets

    • Target

      64efd694a2e536ed7265fb46da5198788d895a9b7b9c2434404209b61c143a5f

    • Size

      255KB

    • MD5

      142939679afaeaf6cf66d3b80ea7d63e

    • SHA1

      149465fd8b48f262bcf361047bb8035b5b1f33a2

    • SHA256

      64efd694a2e536ed7265fb46da5198788d895a9b7b9c2434404209b61c143a5f

    • SHA512

      bed423909f581415e80bf44960c5415f2527eee02cfd39b6201c1d67831be1dbefe27d58b27e4118cfddbeee42251596fa1f6e8912d6b22143dd75cf455561b8

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • suricata: ET MALWARE Win32/SystemBC CnC Checkin

    • Downloads MZ/PE file

    • Executes dropped EXE
