General

  • Target: da1d1f735f97bf6ec7b008e135196afd97fd0f8884ddb7526df6be626453c3c8
  • Size: 87KB
  • Sample: 220427-whreesffd6
  • MD5: 6852984ac451a05e24c746a7beae2f7e
  • SHA1: 647d364e9c10453271d21d4de892ccdbc1ec938e
  • SHA256: da1d1f735f97bf6ec7b008e135196afd97fd0f8884ddb7526df6be626453c3c8
  • SHA512: c03b55e314da300fd769cac02465b22c0317dfd4c445e6c9c36dd2c68cea7045ceefd872b295772fc6aa3cab6e604a4f170067d3e4ff2295ccd6109b1e735220

Malware Config

Extracted

  • Family: systembc
  • C2: asdasd08.com:4039
  • C2: asdasd08.xyz:4039

Targets

    • Target: da1d1f735f97bf6ec7b008e135196afd97fd0f8884ddb7526df6be626453c3c8
    • Size: 87KB
    • MD5: 6852984ac451a05e24c746a7beae2f7e
    • SHA1: 647d364e9c10453271d21d4de892ccdbc1ec938e
    • SHA256: da1d1f735f97bf6ec7b008e135196afd97fd0f8884ddb7526df6be626453c3c8
    • SHA512: c03b55e314da300fd769cac02465b22c0317dfd4c445e6c9c36dd2c68cea7045ceefd872b295772fc6aa3cab6e604a4f170067d3e4ff2295ccd6109b1e735220

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix

The report lists the following tactic columns (no technique entries are recorded under them):

    • Collection
    • Command and Control
    • Credential Access
    • Defense Evasion
    • Discovery
    • Execution
    • Exfiltration
    • Impact
    • Initial Access
    • Lateral Movement
    • Persistence
    • Privilege Escalation