Overview

overview

10

Static

static

a7c6a1d224...61.exe

windows7_x64

10

a7c6a1d224...61.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a7c6a1d224cf00ada45c4db86f9080e25965513f85c6ecd7b8d8d9c847b36c61

  • Size

    91KB

  • Sample

    220415-hlt3tsaecq

  • MD5

    a2d3b46eda5ac1fa3e13d132cc8f57f0

  • SHA1

    5f816267f2d1c0d32df65e85f6582673a7070f19

  • SHA256

    a7c6a1d224cf00ada45c4db86f9080e25965513f85c6ecd7b8d8d9c847b36c61

  • SHA512

    7127703dfe4d39e0b3fc59583cc322b517f40530170ef4936452a85618f2db97f65b4063b6c40d554c0719b440e7919e9ee9d56bd93bcf37420c90f10f4d1e8c

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

    • Target

      a7c6a1d224cf00ada45c4db86f9080e25965513f85c6ecd7b8d8d9c847b36c61

    • Size

      91KB

    • MD5

      a2d3b46eda5ac1fa3e13d132cc8f57f0

    • SHA1

      5f816267f2d1c0d32df65e85f6582673a7070f19

    • SHA256

      a7c6a1d224cf00ada45c4db86f9080e25965513f85c6ecd7b8d8d9c847b36c61

    • SHA512

      7127703dfe4d39e0b3fc59583cc322b517f40530170ef4936452a85618f2db97f65b4063b6c40d554c0719b440e7919e9ee9d56bd93bcf37420c90f10f4d1e8c

    Score
    10/10
    systembcsuricatatrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks