Overview

overview

10

Static

static

8e19fd66ec...8a.exe

windows7_x64

10

8e19fd66ec...8a.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a

  • Size

    203KB

  • Sample

    220419-qn1bmaabfk

  • MD5

    40bd21b534a875137016dd1c93407366

  • SHA1

    941dcff9464e407c060051475758f84e80998417

  • SHA256

    8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a

  • SHA512

    e5466a0c3b4e1c74192ee2db85bf3809904687934b6e2ffb2a1469b8f6510d03d80c948b364a67ed43fd4f753b29355dcb3252ecc073bca21e2880b4254ab31e

Score
10/10
systembcsuricatatrojan

Malware Config

Extracted

Family

systembc

C2

sdadvert197.com:4044

mexstat128.com:4044

Targets

    • Target

      8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a

    • Size

      203KB

    • MD5

      40bd21b534a875137016dd1c93407366

    • SHA1

      941dcff9464e407c060051475758f84e80998417

    • SHA256

      8e19fd66ec247a6ef30b5596bcf5ab7d615a12f0a79739117c1c88112c43968a

    • SHA512

      e5466a0c3b4e1c74192ee2db85bf3809904687934b6e2ffb2a1469b8f6510d03d80c948b364a67ed43fd4f753b29355dcb3252ecc073bca21e2880b4254ab31e

    Score
    10/10
    systembcsuricatatrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks