General

  • Target

    3d2a6335cf267e52f65d919aeea421c75f47878f4139a80842080485b72d2ac7

  • Size

    267KB

  • Sample

    220427-tegdyafhcp

  • MD5

    e213b1c3dc9cb0f7771d299d2cf7a346

  • SHA1

    85229bc75fb370973c78afef7409554bc891dcf1

  • SHA256

    3d2a6335cf267e52f65d919aeea421c75f47878f4139a80842080485b72d2ac7

  • SHA512

    9bd45559c7da861711a8f706a8c2b5dc83916ff44f988ea86eb8794daf128b5ad426b954ff58356cfc521c165fb129bdbeafe286d4184250ca66b621125514e4

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

Command and Control

    Connection Proxy: T1090 (1)