General

  • Target

    35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1

  • Size

    265KB

  • Sample

    220427-tehxrsfhcr

  • MD5

    b15da1de33a731f12b3574c1e6845a1c

  • SHA1

    08c12f9d8032dcb1f465cb1b57b8c2bc267f2ba6

  • SHA256

    35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1

  • SHA512

    3df7cfa9fabd23119d8dbc1f99aafca7388aaae14fcdb9283fed7f7c29930ef9e2129160b94887371c1bdd78083fa3d57171b2405bd686a255b22fb5950f618f

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

    • Target

      35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1

    • Size

      265KB

    • MD5

      b15da1de33a731f12b3574c1e6845a1c

    • SHA1

      08c12f9d8032dcb1f465cb1b57b8c2bc267f2ba6

    • SHA256

      35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1

    • SHA512

      3df7cfa9fabd23119d8dbc1f99aafca7388aaae14fcdb9283fed7f7c29930ef9e2129160b94887371c1bdd78083fa3d57171b2405bd686a255b22fb5950f618f

    • SystemBC

      SystemBC is a SOCKS5 proxy and remote administration tool first seen in 2019; the proxy lets an operator tunnel further traffic into the victim network through the infected host, which is why its C2 domains and port are the most useful indicators in this report.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      The malware can route its traffic through Tor, which hides the real C2 endpoint and lets it evade blocking of the plain-text domains listed above.
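The following is an added example, not part of the sandbox report, that turns the extracted configuration above (the two C2 domains on port 4044 and the sample hashes) and the signatures in this list into a small offline IOC matcher. The DNS and flow log lines are constructed for the example, their key=value format is an assumption rather than real Suricata EVE output, and the list of public IP-lookup services is an assumed set used to model the "Looks up external IP address" signal; only the domains, port and hashes come from the report.

```python
"""Match the SystemBC IOCs from the report against constructed telemetry.

Added example, not the sandbox's own code. Log format, the sample log
lines and IP_LOOKUP_HOSTS are constructed/assumed; the C2 domains, port
and hashes are taken from the report.
"""
import hashlib
import re

# Indicators extracted from the report above.
C2_HOSTS = {"advertrex20.xyz", "gentexman37.xyz"}
C2_PORT = 4044
SAMPLE_HASHES = {
    "md5": "b15da1de33a731f12b3574c1e6845a1c",
    "sha1": "08c12f9d8032dcb1f465cb1b57b8c2bc267f2ba6",
    "sha256": "35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1",
}

# Assumed set of public IP-lookup services (not from the report); a query
# to one of these is the weak signal behind "Looks up external IP address".
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "icanhazip.com"}

# Constructed sample telemetry in an assumed key=value line format.
DNS_LOG = """\
2022-04-27T10:01:02 dns query src=10.0.0.5 rrname=advertrex20.xyz rrtype=A
2022-04-27T10:01:02 dns query src=10.0.0.5 rrname=www.example.com rrtype=A
2022-04-27T10:01:09 dns query src=10.0.0.9 rrname=api.ipify.org rrtype=A
2022-04-27T10:01:15 dns query src=10.0.0.9 rrname=gentexman37.xyz. rrtype=A
2022-04-27T10:01:16 dns query src=10.0.0.12 rrname=notadvertrex20.xyz rrtype=A
2022-04-27T10:01:17 dns query src=10.0.0.13 rrname=cdn.advertrex20.xyz rrtype=A
"""
FLOW_LOG = """\
2022-04-27T10:01:03 flow src=10.0.0.5 dst=203.0.113.10 dport=4044 proto=tcp
2022-04-27T10:01:20 flow src=10.0.0.9 dst=203.0.113.11 dport=443 proto=tcp
2022-04-27T10:01:21 flow src=10.0.0.21 dst=203.0.113.12 dport=4044 proto=tcp
"""

DNS_RE = re.compile(r"^(?P<ts>\S+) dns query src=(?P<src>\S+) rrname=(?P<rrname>\S+)")
FLOW_RE = re.compile(r"^(?P<ts>\S+) flow src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")


def matches_c2_domain(rrname):
    """True for the C2 domain itself or any subdomain of it.

    Suffix matching is anchored on the dot so that a look-alike such as
    notadvertrex20.xyz does not produce a false positive.
    """
    name = rrname.rstrip(".").lower()
    return any(name == c2 or name.endswith("." + c2) for c2 in C2_HOSTS)


def hash_verdict(data):
    """Compare a file's digests with the report's hashes, per algorithm."""
    digests = {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }
    return {algo: digests[algo] == SAMPLE_HASHES[algo] for algo in SAMPLE_HASHES}


def scan_dns(log):
    """Return (src, rrname, kind) for every C2-domain or IP-lookup query."""
    hits = []
    for line in log.splitlines():
        m = DNS_RE.match(line)
        if not m:
            continue
        rrname = m["rrname"].rstrip(".").lower()
        if matches_c2_domain(rrname):
            hits.append((m["src"], rrname, "c2-domain"))
        elif rrname in IP_LOOKUP_HOSTS:
            hits.append((m["src"], rrname, "ip-lookup"))
    return hits


def scan_flows(log):
    """Return (src, dst) for every flow to the configured C2 port."""
    hits = []
    for line in log.splitlines():
        m = FLOW_RE.match(line)
        if m and int(m["dport"]) == C2_PORT:
            hits.append((m["src"], m["dst"]))
    return hits


def triage(dns_log, flow_log):
    """Per-source verdict: 'c2' when a C2 domain was resolved, otherwise
    'review' when only a weak signal (IP-lookup query or a flow to port
    4044, which many benign services could also use) was seen."""
    verdicts = {}
    for src, _rrname, kind in scan_dns(dns_log):
        if kind == "c2-domain":
            verdicts[src] = "c2"
        else:
            verdicts.setdefault(src, "review")
    for src, _dst in scan_flows(flow_log):
        verdicts.setdefault(src, "review")
    return verdicts


if __name__ == "__main__":
    for src, verdict in sorted(triage(DNS_LOG, FLOW_LOG).items()):
        print(f"{src:<12} {verdict}")
```

The port-4044 flows are deliberately kept at "review" rather than "c2": the port is not reserved for SystemBC, and a domain match (or the hash match on the dropped executable) is the evidence that actually confirms an infection; the trailing-dot and subdomain handling in the matcher are the two details that most often cause DNS IOC matching to miss or over-fire in practice.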

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control: Connection Proxy, T1090 (1 hit)