General

  • Target

    2dc9d1c67be6bd53a8a27d3e76a65bcb177d9b7e2a8858e87e4742f22b4bffa9

  • Size

    263KB

  • Sample

    220414-q9qz3sbedl

  • MD5

    98074264b902c847f5bc9ca28b0bd690

  • SHA1

    94c72ed82e131caff62f88fe1e5a611f4c007beb

  • SHA256

    2dc9d1c67be6bd53a8a27d3e76a65bcb177d9b7e2a8858e87e4742f22b4bffa9

  • SHA512

    6a00287dadf57a002ca281c9a2349caf0a4bf6ed6510ab77d973a5331f31d12616b903c93ee54e7ef226271f6c256f086aec7572510fbcc4f0fc6503d090a1b1

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v6

Tasks