General

  • Target

    6bc401f2d24746bb192fb23fcaf705b94b7f6742b9d651266345bbab434e351c

  • Size

    89KB

  • Sample

    220427-whythaffe5

  • MD5

    754f68fbcd88c48a9c689632b66967c4

  • SHA1

    fc20fe331d1699145df56ec11a95cb6d7f72279f

  • SHA256

    6bc401f2d24746bb192fb23fcaf705b94b7f6742b9d651266345bbab434e351c

  • SHA512

    0b7e83826ec8a7599fd876590e8c096f71a034d56e34d138c4d29ac3bf8c512aecacebdd64a47ce5bf449a27802cf915a5a6a8ae251eb66a7262df1065a0f839

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      The malware can route its traffic through Tor so that its command-and-control endpoints are harder to observe and attribute.
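Added example, not part of the sandbox report and not code from the SystemBC family itself: a small IOC matcher that takes the two C2 domains and the port extracted above and runs them over constructed Zeek-style DNS and connection log lines, mirroring what the "SystemBC CnC Domain in DNS Query" signature does and then correlating the resolved addresses with outbound connections on 4044/tcp. The abbreviated column layout, the log lines, and all IP addresses are constructed for the example (real Zeek dns.log and conn.log carry more columns); only the domains and the port come from the report.

```python
"""Match extracted SystemBC C2 indicators against DNS and connection logs.

Indicators (domains and port) are those listed in the report's extracted
config. Everything else below is constructed sample data.
"""

# Indicators from the extracted SystemBC config.
C2_DOMAINS = ("advertrex20.xyz", "gentexman37.xyz")
C2_PORT = 4044

# Constructed Zeek-style dns.log excerpt (assumed abbreviated columns:
# ts, id.orig_h, id.resp_h, query, answers). Not real captured traffic.
# The api.ipify.org line stands in for the "looks up external IP" behaviour
# and is deliberately not matched: it is a legitimate service, not C2.
DNS_LOG = """\
1650960000.100\t10.0.0.15\t10.0.0.2\tupdate.microsoft.com\t13.107.4.50
1650960001.200\t10.0.0.15\t10.0.0.2\tadvertrex20.xyz\t198.51.100.23
1650960002.300\t10.0.0.15\t10.0.0.2\tapi.ipify.org\t104.26.12.205
1650960003.400\t10.0.0.27\t10.0.0.2\tGENTEXMAN37.xyz.\t203.0.113.77,203.0.113.78
"""

# Constructed Zeek-style conn.log excerpt (assumed abbreviated columns:
# ts, id.orig_h, id.resp_h, id.resp_p, proto).
CONN_LOG = """\
1650960001.500\t10.0.0.15\t198.51.100.23\t4044\ttcp
1650960002.600\t10.0.0.15\t104.26.12.205\t443\ttcp
1650960003.700\t10.0.0.27\t203.0.113.78\t4044\ttcp
1650960004.800\t10.0.0.30\t192.0.2.9\t4044\ttcp
"""


def domain_matches(query, indicator):
    """True if query equals the indicator or is a subdomain of it.

    Normalises case and a trailing dot; rejects look-alikes such as
    'notadvertrex20.xyz' that merely end with the indicator string.
    """
    q = query.strip().lower().rstrip(".")
    return q == indicator or q.endswith("." + indicator)


def parse_tsv(log, fields):
    """Parse tab-separated lines into dicts, skipping comments and rows
    whose column count does not match (malformed input must not crash
    a detection job)."""
    rows = []
    for line in log.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split("\t")
        if len(parts) != len(fields):
            continue
        rows.append(dict(zip(fields, parts)))
    return rows


def find_c2_dns_queries(dns_log):
    """Return DNS queries for the extracted C2 domains (the DNS-query half
    of the detection), with the answers they received."""
    hits = []
    for row in parse_tsv(dns_log, ("ts", "orig_h", "resp_h", "query", "answers")):
        for indicator in C2_DOMAINS:
            if domain_matches(row["query"], indicator):
                answers = [a for a in row["answers"].split(",") if a and a != "-"]
                hits.append({"ts": row["ts"], "host": row["orig_h"],
                             "query": row["query"], "indicator": indicator,
                             "answers": answers})
                break
    return hits


def find_c2_connections(dns_log, conn_log):
    """Correlate connections on the C2 port with addresses that C2 domains
    resolved to. A 4044/tcp connection to a resolved C2 address is a
    high-confidence hit; 4044/tcp to an unknown address is reported at
    low confidence, since the port alone is weak evidence."""
    resolved = {}
    for hit in find_c2_dns_queries(dns_log):
        for addr in hit["answers"]:
            resolved[addr] = hit["indicator"]
    alerts = []
    for row in parse_tsv(conn_log, ("ts", "orig_h", "resp_h", "resp_p", "proto")):
        try:
            port = int(row["resp_p"])
        except ValueError:
            continue
        if port != C2_PORT or row["proto"] != "tcp":
            continue
        indicator = resolved.get(row["resp_h"])
        alerts.append({"ts": row["ts"], "host": row["orig_h"], "dst": row["resp_h"],
                       "indicator": indicator,
                       "confidence": "high" if indicator else "low"})
    return alerts


if __name__ == "__main__":
    for hit in find_c2_dns_queries(DNS_LOG):
        print("DNS  ", hit)
    for alert in find_c2_connections(DNS_LOG, CONN_LOG):
        print("CONN ", alert)
```

Running the script against the constructed logs reports the two C2 lookups, two high-confidence 4044/tcp connections to the addresses those names resolved to, and one low-confidence 4044/tcp connection from a host that never queried a C2 domain; the latter is the case worth keeping visible, because SystemBC configs also carry raw IP addresses rather than names.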

MITRE ATT&CK Matrix (ATT&CK v6)

Command and Control: Connection Proxy, T1090 (1)

Tasks