General
-
Target
477079b5846088b1e126ae08735d36c1.exe
-
Size
227KB
-
Sample
220327-vsjlwsfbaq
-
MD5
477079b5846088b1e126ae08735d36c1
-
SHA1
8f26d9582fa44498f7a6abb17e45554ca115ab79
-
SHA256
4d62a012bd9a4700b2a0bc7143151eeaf12d1eb88bb8b02701902168cd42ce24
-
SHA512
2520257f0a333821d0f39f4db811b422c8cb1d48869a237c39d40fbcd3c49822e17d48d9c854daee807bae2b9b0c2487576e93ccdbff947e82d9cd537c3f58c7
Malware Config
Extracted
systembc
31.44.185.6:4001
31.44.185.11:4001
Targets
-
-
Target
477079b5846088b1e126ae08735d36c1.exe
-
Size
227KB
-
MD5
477079b5846088b1e126ae08735d36c1
-
SHA1
8f26d9582fa44498f7a6abb17e45554ca115ab79
-
SHA256
4d62a012bd9a4700b2a0bc7143151eeaf12d1eb88bb8b02701902168cd42ce24
-
SHA512
2520257f0a333821d0f39f4db811b422c8cb1d48869a237c39d40fbcd3c49822e17d48d9c854daee807bae2b9b0c2487576e93ccdbff947e82d9cd537c3f58c7
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)
-
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
-
suricata: ET MALWARE Win32/SystemBC CnC Checkin
suricata: ET MALWARE Win32/SystemBC CnC Checkin
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-