General
-
Target
90e911af297498fdfd40e24a9b33e106b082c9e4a00caf2a7f341da9b044b43d
-
Size
85KB
-
Sample
220415-kdmd5agdc4
-
MD5
281ab6111ab22e0e725a98e5496e7ce5
-
SHA1
d9f0476d385901285953b8ed0a8fbcbcdfba7da3
-
SHA256
90e911af297498fdfd40e24a9b33e106b082c9e4a00caf2a7f341da9b044b43d
-
SHA512
35c4f4b605476ee96270cc75897bc666c78d11f68107c25d1f3803bcd66ff2fff11388b51ff8cb1ffb12834ac3ed338ce2b3a0c911b67642cc77515eab6c300f
Malware Config
Extracted
systembc
advertrex20.xyz:4044
gentexman37.xyz:4044
Targets
-
-
Target
90e911af297498fdfd40e24a9b33e106b082c9e4a00caf2a7f341da9b044b43d
-
Size
85KB
-
MD5
281ab6111ab22e0e725a98e5496e7ce5
-
SHA1
d9f0476d385901285953b8ed0a8fbcbcdfba7da3
-
SHA256
90e911af297498fdfd40e24a9b33e106b082c9e4a00caf2a7f341da9b044b43d
-
SHA512
35c4f4b605476ee96270cc75897bc666c78d11f68107c25d1f3803bcd66ff2fff11388b51ff8cb1ffb12834ac3ed338ce2b3a0c911b67642cc77515eab6c300f
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-