29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

General
Target

29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

Size

267KB

Sample

220427-telnnacae2

Score
10 /10
MD5

96b1c3d8279ef00b1b8b1e2c4bc64d77

SHA1

d9cece2958797a7fe2895ef9fe9ebdb80717de73

SHA256

29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

SHA512

120778338d6507742dfdf3a911f9c7de509bab853cf6c0332cd936c8ec0bb469e5c26fc1dda4768e66d09f6eadcbd98713efea26c49a35c433a5642e27f79127

Malware Config

Extracted

Family systembc
C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets
Target

29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

MD5

96b1c3d8279ef00b1b8b1e2c4bc64d77

Filesize

267KB

Score
10/10
SHA1

d9cece2958797a7fe2895ef9fe9ebdb80717de73

SHA256

29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

SHA512

120778338d6507742dfdf3a911f9c7de509bab853cf6c0332cd936c8ec0bb469e5c26fc1dda4768e66d09f6eadcbd98713efea26c49a35c433a5642e27f79127

Tags

Signatures

  • SystemBC

    Description

    SystemBC is a proxy and remote administration tool first seen in 2019.

    Tags

  • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    Description

    suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    Tags

  • Executes dropped EXE

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10