General

  • Target

    c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b

  • Size

    129KB

  • Sample

    220502-cc95ssecdq

  • MD5

    97df61f72744b694bc0ce16556510b83

  • SHA1

    b6c9484e550f8f4ff3155c5ed8ae4a8e3422018c

  • SHA256

    c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b

  • SHA512

    610a3b2b253d7e34c2091250354d9d08b524d8da3836ca75d96af2562551176a9e85fdb02d6ed6aeb417c84b19c1cdea9a4b9644136f3c4ed3bfb554e5f81486

Score
10/10

Malware Config

Extracted

Family

systembc

C2

dasd13d.com:4035

dasd13d.xyz:4035

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix ATT&CK v6

Command and Control

  • Connection Proxy (T1090): 1
