General

  • Target

    20e5ae4397a4ab132e7e8a5f316d08d3.exe

  • Size

    231KB

  • Sample

    220327-vsjlwsfbap

  • MD5

    20e5ae4397a4ab132e7e8a5f316d08d3

  • SHA1

    f1a05d3426661dad12ea034ac9710c5842923df4

  • SHA256

    b4286bce9138f9c8fff9f8fc2eb4dcda9d48af83c62cf5ea03de48f862b301d9

  • SHA512

    5b8e49bcf0a1e40f0cde13c6f160e4008d993087bd087f320fd46fcb48d304d890c3e1e5e64b518c5466ab5536cef11dd6c5e0ba30d802e9f0da1d34bd3026fb

Malware Config

Extracted

Family

systembc

C2

31.44.185.6:4001

31.44.185.11:4001

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

    • suricata: ET MALWARE Win32/SystemBC CnC Checkin

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tasks