General

  • Target

    75bd3900ae29fc2d68c2fcf2f74f1444730f1d25a1c26a2a81c8657c816bc486

  • Size

    156KB

  • Sample

    220330-kjh9naehem

  • MD5

    3ca6807211a0720f8f4eb6650014cf84

  • SHA1

    5ea53d154530731e34a12a2dcf1291f3cd787a67

  • SHA256

    75bd3900ae29fc2d68c2fcf2f74f1444730f1d25a1c26a2a81c8657c816bc486

  • SHA512

    9a353d9c5ce677d309147c860f55957982a1df9de47d8d464f591e37a96241c9c036beffb46911f21d7b61bb419c568600dbe378533ce5294b3cdc61e2d47155

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v6

Tasks