General

  • Target

    058ecdb55708392f302e1b6fd2ef68fc31a80fa9ebe7343da87b9a4619884f2d

  • Size

    109KB

  • Sample

    220427-sv3rfaehgp

  • MD5

    477ffaca62df8a3d812c6cb2f7c89f23

  • SHA1

    037cf4c400fe47701e29cdceee25f88879745d02

  • SHA256

    058ecdb55708392f302e1b6fd2ef68fc31a80fa9ebe7343da87b9a4619884f2d

  • SHA512

    e05de09c416d9a1e67e1c22bc9a81a823c784a4829921cad1f762cbb7efca394fd45dc0dcade7ad4bd0bf64593b681532f3844c969bee0ce6d9ad7994d0f4b26

Malware Config

Extracted

  • Family

    systembc

  • C2

    asdasd08.com:4039

    asdasd08.xyz:4039

Targets

    • Target

      058ecdb55708392f302e1b6fd2ef68fc31a80fa9ebe7343da87b9a4619884f2d

    • Size

      109KB

    • MD5

      477ffaca62df8a3d812c6cb2f7c89f23

    • SHA1

      037cf4c400fe47701e29cdceee25f88879745d02

    • SHA256

      058ecdb55708392f302e1b6fd2ef68fc31a80fa9ebe7343da87b9a4619884f2d

    • SHA512

      e05de09c416d9a1e67e1c22bc9a81a823c784a4829921cad1f762cbb7efca394fd45dc0dcade7ad4bd0bf64593b681532f3844c969bee0ce6d9ad7994d0f4b26

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control

    Connection Proxy (T1090): 1
