General
-
Target
8401fa8aa07c8cd1d4f46e41f70fd2db414f288db8c324ea61ea5dcd5c99b3c2
-
Size
87KB
-
Sample
220427-whxansffe3
-
MD5
edeea6a91e82cf4da5cb8209580b4e74
-
SHA1
182c6cf748e0a1b5f4a12b9a761b3b6982017e6d
-
SHA256
8401fa8aa07c8cd1d4f46e41f70fd2db414f288db8c324ea61ea5dcd5c99b3c2
-
SHA512
7530eb2471bb1c65612e7f16793942d7ca02e8b994f390341090eef129634ff604018fb0fe1abe5443d68a7f739719ba332a934e4a0fa7d0bcd8ef1094723226
Malware Config
Extracted
systembc
advertrex20.xyz:4044
gentexman37.xyz:4044
Targets
-
-
Target
8401fa8aa07c8cd1d4f46e41f70fd2db414f288db8c324ea61ea5dcd5c99b3c2
-
Size
87KB
-
MD5
edeea6a91e82cf4da5cb8209580b4e74
-
SHA1
182c6cf748e0a1b5f4a12b9a761b3b6982017e6d
-
SHA256
8401fa8aa07c8cd1d4f46e41f70fd2db414f288db8c324ea61ea5dcd5c99b3c2
-
SHA512
7530eb2471bb1c65612e7f16793942d7ca02e8b994f390341090eef129634ff604018fb0fe1abe5443d68a7f739719ba332a934e4a0fa7d0bcd8ef1094723226
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-