Overview

overview

10

Static

static

af35b29f58...dd.exe

windows7_x64

10

af35b29f58...dd.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    af35b29f584f06fefbdb9f25bf0dd3679661e449bd3a9e7f282906b27ea517dd

  • Size

    253KB

  • Sample

    220419-qm487aaaen

  • MD5

    9cd154556bc65d6fe2007074790248f7

  • SHA1

    7340996d675919b7212134457b425923eb42563e

  • SHA256

    af35b29f584f06fefbdb9f25bf0dd3679661e449bd3a9e7f282906b27ea517dd

  • SHA512

    e2d55fcd373b5768023638a1e0ad3229710a75034c7acfd0896279ad716a72c1d51bd01710c4baba6be7b6919eb93c251de7632e7d258e95648a878099dd2c3a

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

sdadvert197.com:4044

mexstat128.com:4044

Targets

    • Target

      af35b29f584f06fefbdb9f25bf0dd3679661e449bd3a9e7f282906b27ea517dd

    • Size

      253KB

    • MD5

      9cd154556bc65d6fe2007074790248f7

    • SHA1

      7340996d675919b7212134457b425923eb42563e

    • SHA256

      af35b29f584f06fefbdb9f25bf0dd3679661e449bd3a9e7f282906b27ea517dd

    • SHA512

      e2d55fcd373b5768023638a1e0ad3229710a75034c7acfd0896279ad716a72c1d51bd01710c4baba6be7b6919eb93c251de7632e7d258e95648a878099dd2c3a

    Score
    10/10
    systembcsuricatatrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks