29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

Target

Size

267KB

Sample

220427-telnnacae2

Score

10 ^/10

MD5

96b1c3d8279ef00b1b8b1e2c4bc64d77

SHA1

d9cece2958797a7fe2895ef9fe9ebdb80717de73

SHA256

29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

SHA512

120778338d6507742dfdf3a911f9c7de509bab853cf6c0332cd936c8ec0bb469e5c26fc1dda4768e66d09f6eadcbd98713efea26c49a35c433a5642e27f79127

Extracted

Family	systembc
C2	advertrex20.xyz:4044 gentexman37.xyz:4044 advertrex20.xyz:4044 gentexman37.xyz:4044

Target

29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

MD5

96b1c3d8279ef00b1b8b1e2c4bc64d77

Filesize

267KB

Score

10^/10

SHA1

d9cece2958797a7fe2895ef9fe9ebdb80717de73

SHA256

29419e77b22185d288de119f4a415e5f5aebdd8034ab2fa5afbbca3b6866b20a

SHA512

120778338d6507742dfdf3a911f9c7de509bab853cf6c0332cd936c8ec0bb469e5c26fc1dda4768e66d09f6eadcbd98713efea26c49a35c433a5642e27f79127

Signatures

SystemBC
Description

SystemBC is a proxy and remote administration tool first seen in 2019.
Tags

trojan systembc
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Description

suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Tags

suricata
Executes dropped EXE
Looks up external IP address via web service
Description

Uses a legitimate IP lookup service to find the infected system's external IP.

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

systembc trojan

10^/10

behavioral2

systembc suricata trojan

10^/10

Extracted

Tags

Signatures

SystemBC

Description

Tags

suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

Description

Tags

Executes dropped EXE

Looks up external IP address via web service

Description

Related Tasks

static1

behavioral1

behavioral2