General

  • Target

    271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2

  • Size

    308KB

  • Sample

    220328-yqt7dsaedp

  • MD5

    ffcf9dc241ae44958360fce0600d1f79

  • SHA1

    f469de123bbb6fc61d72a95b85260fc3b2f33ac4

  • SHA256

    271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2

  • SHA512

    f923c49c078c15063ae6a96730286bbeeab0dd74f6f3b90edf6b57665cb288e6e1e013134593ace34756eef6ea650ed051295ea5de070fdf8465aeb4373e40df

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044
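The C2 entries above are the indicators a responder would actually sweep for. The following is an added example, not part of the sandbox report and not SystemBC code: it loads the two C2 domains, the configured port and the sample hashes, then matches them against constructed Zeek-style DNS, connection and file records (tab-separated fields whose layout is assumed here; RFC 5737 test addresses). Connections are only flagged when the destination was resolved from a C2 domain *and* uses the configured port, so an unrelated service on TCP/4044 is not reported, and a look-alike domain such as `notadvertrex20.xyz` is rejected by the suffix check.

```python
"""Match the SystemBC indicators from the report against network and file logs.

Added example; not part of the sandbox report and not SystemBC code. The log
records below are constructed for the example (RFC 5737 test addresses,
Zeek-style tab-separated fields whose layout is assumed, not real output).
"""
from typing import Dict, Iterable, List, Set

# Indicators copied from the extracted configuration and hash table above.
C2_ENDPOINTS = {("advertrex20.xyz", 4044), ("gentexman37.xyz", 4044)}
C2_DOMAINS = {host for host, _ in C2_ENDPOINTS}
C2_PORTS = {port for _, port in C2_ENDPOINTS}
SAMPLE_HASHES = {
    "ffcf9dc241ae44958360fce0600d1f79",                                  # MD5
    "f469de123bbb6fc61d72a95b85260fc3b2f33ac4",                          # SHA1
    "271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2",  # SHA256
}

# Constructed records: <ts>\t<src_ip>\t<query>\t<comma-separated answers>
DNS_LOG = """\
1648425600.101\t10.0.0.15\tadvertrex20.xyz\t192.0.2.30
1648425600.250\t10.0.0.15\twww.example.com\t93.184.216.34
1648425601.003\t10.0.0.22\tGENTEXMAN37.XYZ.\t198.51.100.41,198.51.100.42
1648425602.900\t10.0.0.15\tupdate.advertrex20.xyz\t192.0.2.31
1648425603.500\t10.0.0.33\tnotadvertrex20.xyz\t203.0.113.5
"""

# Constructed records: <ts>\t<src_ip>\t<dst_ip>\t<dst_port>\t<proto>
CONN_LOG = """\
1648425600.300\t10.0.0.15\t192.0.2.30\t4044\ttcp
1648425600.400\t10.0.0.15\t93.184.216.34\t443\ttcp
1648425601.100\t10.0.0.22\t198.51.100.42\t4044\ttcp
1648425601.200\t10.0.0.22\t198.51.100.42\t443\ttcp
1648425603.000\t10.0.0.15\t192.0.2.31\t4044\ttcp
1648425604.000\t10.0.0.40\t203.0.113.9\t4044\ttcp
"""

# Constructed records: <ts>\t<host_ip>\t<path>\t<hash> (second hash is a benign placeholder)
FILES_LOG = """\
1648425599.000\t10.0.0.15\tC:\\Users\\Public\\dropped.exe\t271fe3448d93bd8763141e498c63551bfbd4633c83f51af3a20d7d97120a05f2
1648425599.500\t10.0.0.22\tC:\\Windows\\notepad.exe\t00000000000000000000000000000000
"""


def _rows(text: str) -> Iterable[List[str]]:
    """Yield tab-separated fields, skipping blank and comment lines."""
    for line in text.splitlines():
        if line and not line.startswith("#"):
            yield line.split("\t")


def normalize_host(name: str) -> str:
    """Strip the trailing root dot and lower-case for comparison."""
    return name.rstrip(".").lower()


def is_c2_domain(name: str) -> bool:
    """Exact or subdomain match; a look-alike like 'notadvertrex20.xyz' must not match."""
    host = normalize_host(name)
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


def dns_hits(dns_log: str) -> List[dict]:
    """Queries for a C2 domain, keeping the answers so connections can be pivoted on."""
    hits = []
    for ts, src, query, answers in _rows(dns_log):
        if is_c2_domain(query):
            hits.append({"ts": ts, "src": src, "query": normalize_host(query),
                         "answers": [a for a in answers.split(",") if a]})
    return hits


def c2_ips(hits: List[dict]) -> Set[str]:
    """Addresses the C2 domains resolved to during the observed window."""
    return {ip for h in hits for ip in h["answers"]}


def conn_hits(conn_log: str, ips: Set[str]) -> List[dict]:
    """Require both a resolved C2 address and the configured port (4044)."""
    hits = []
    for ts, src, dst, dport, proto in _rows(conn_log):
        if dst in ips and int(dport) in C2_PORTS:
            hits.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport), "proto": proto})
    return hits


def file_hits(files_log: str) -> List[dict]:
    """File records whose digest matches any hash of the sample."""
    hits = []
    for ts, host, path, digest in _rows(files_log):
        if digest.lower() in SAMPLE_HASHES:
            hits.append({"ts": ts, "host": host, "path": path, "hash": digest.lower()})
    return hits


def triage(dns_log: str = DNS_LOG, conn_log: str = CONN_LOG,
           files_log: str = FILES_LOG) -> Dict[str, object]:
    """Correlate the three sources and list hosts that touched any indicator."""
    dns = dns_hits(dns_log)
    ips = c2_ips(dns)
    conns = conn_hits(conn_log, ips)
    files = file_hits(files_log)
    hosts = {h["src"] for h in dns} | {c["src"] for c in conns} | {f["host"] for f in files}
    return {"dns": dns, "c2_ips": ips, "conn": conns, "files": files, "hosts": sorted(hosts)}


if __name__ == "__main__":
    result = triage()
    for host in result["hosts"]:
        print("host with SystemBC indicators:", host)
    for c in result["conn"]:
        print(f"{c['ts']} {c['src']} -> {c['dst']}:{c['dport']} ({c['proto']})")
```

Pivoting from the DNS answers to the connection log is what makes the port useful: on its own, TCP/4044 is a weak indicator, but a connection to an address that a C2 domain just resolved to, on the configured port, is a strong one. Swap the constructed strings for real Zeek `dns.log`, `conn.log` and `files.log` fields (or equivalent proxy and EDR exports) and the same functions apply.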

Targets

    • SystemBC

      SystemBC is a SOCKS5 proxy and remote administration tool first seen in 2019, used to tunnel follow-on command-and-control traffic through infected hosts.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      The Emerging Threats Suricata rule matched a DNS query for a known SystemBC C2 domain during execution.

    • Executes dropped EXE

      The sample writes an executable to disk and then launches it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      The sample carries Tor client functionality and can proxy its C2 traffic through Tor to hide the server address.

MITRE ATT&CK Enterprise v6

Tasks