General

  • Target

    f59636192874b9735dc7a4cb55eb0aa64e5499df1e7154a807b3cc0a46e35572

  • Size

    152KB

  • Sample

    220330-btnsfsabdm

  • MD5

    fdc04e9186fa3085fac12d029542ae33

  • SHA1

    168d4d4614d89fa69bb9af26d7373ceae5ea09b3

  • SHA256

    f59636192874b9735dc7a4cb55eb0aa64e5499df1e7154a807b3cc0a46e35572

  • SHA512

    e3f3baa0331d371f22891288542ca04057f06cb0e288c2cb34e7e9ed008116e8f8361ea10dca6a1fd38bbc5093cf1981e51f79b2a128cd569cbf9bc742ad82c0

Malware Config

Extracted

  • Family

    systembc

  • C2

    advertrex20.xyz:4044

    gentexman37.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v6

Tasks