General
-
Target
e901c09fe8b81cf2a87de97087faf4cafce7287a3784907cb52806ca1cfa20f6
-
Size
86KB
-
Sample
220427-whncrsffd2
-
MD5
ee901758b646be29eec10374025e5aea
-
SHA1
5dce870f80a5a97d0a05df73696222b7c2a3d528
-
SHA256
e901c09fe8b81cf2a87de97087faf4cafce7287a3784907cb52806ca1cfa20f6
-
SHA512
9c7b1911e92395e41bd10a5138475063ff7675220fdb10722e35f830e2f132d97a9449dfb61547f7866a3a1a9e6cf3401b29359e982035ebb08345fd0303fc65
Malware Config
Extracted
systembc
advertrex20.xyz:4044
gentexman37.xyz:4044
Targets
-
-
Target
e901c09fe8b81cf2a87de97087faf4cafce7287a3784907cb52806ca1cfa20f6
-
Size
86KB
-
MD5
ee901758b646be29eec10374025e5aea
-
SHA1
5dce870f80a5a97d0a05df73696222b7c2a3d528
-
SHA256
e901c09fe8b81cf2a87de97087faf4cafce7287a3784907cb52806ca1cfa20f6
-
SHA512
9c7b1911e92395e41bd10a5138475063ff7675220fdb10722e35f830e2f132d97a9449dfb61547f7866a3a1a9e6cf3401b29359e982035ebb08345fd0303fc65
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-