General

  • Target

    4d586a534d4ac3e4f084ee1f29a51856b2c316fe7745bb0cfbf13447fa3291dd

  • Size

    168KB

  • Sample

    220419-gtpbwabgg8

  • MD5

    a554fcbe9859c314ee657507f58bd1ab

  • SHA1

    3355e28863ab4391e9bba4cf95c214acd44207c1

  • SHA256

    4d586a534d4ac3e4f084ee1f29a51856b2c316fe7745bb0cfbf13447fa3291dd

  • SHA512

    f5e6ebd159ec20352162837750fc6f7d45db6927ed54d75d41ab67d21e45113b596073c23e71ea39cfbe2aaf27bd46c75e2de656d63b254a1eaf208420471673

Score
10/10

Malware Config

Extracted

Family

systembc

C2

26asdcgd.com:4039

26asdcgd.xyz:4039

Targets

    • Target

      4d586a534d4ac3e4f084ee1f29a51856b2c316fe7745bb0cfbf13447fa3291dd

    • Size

      168KB

    • MD5

      a554fcbe9859c314ee657507f58bd1ab

    • SHA1

      3355e28863ab4391e9bba4cf95c214acd44207c1

    • SHA256

      4d586a534d4ac3e4f084ee1f29a51856b2c316fe7745bb0cfbf13447fa3291dd

    • SHA512

      f5e6ebd159ec20352162837750fc6f7d45db6927ed54d75d41ab67d21e45113b596073c23e71ea39cfbe2aaf27bd46c75e2de656d63b254a1eaf208420471673

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.
