c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b

General

Target: c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b
Size: 129KB
Sample: 220502-cc95ssecdq
Score: 10/10
MD5: 97df61f72744b694bc0ce16556510b83
SHA1: b6c9484e550f8f4ff3155c5ed8ae4a8e3422018c
SHA256: c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b
SHA512: 610a3b2b253d7e34c2091250354d9d08b524d8da3836ca75d96af2562551176a9e85fdb02d6ed6aeb417c84b19c1cdea9a4b9644136f3c4ed3bfb554e5f81486

Malware Config

Extracted

Family: systembc
C2:
  dasd13d.com:4035
  dasd13d.xyz:4035

Targets

Target: c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b
Filesize: 129KB
Score: 10/10
MD5: 97df61f72744b694bc0ce16556510b83
SHA1: b6c9484e550f8f4ff3155c5ed8ae4a8e3422018c
SHA256: c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b
SHA512: 610a3b2b253d7e34c2091250354d9d08b524d8da3836ca75d96af2562551176a9e85fdb02d6ed6aeb417c84b19c1cdea9a4b9644136f3c4ed3bfb554e5f81486

Tags: (none)

Signatures

  • SystemBC
    Description: SystemBC is a proxy and remote administration tool first seen in 2019.

  • Executes dropped EXE

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications
    Description: Malware can proxy its traffic through Tor for more anonymity. Note that the extracted config for this sample points at direct host:port C2 (port 4035); a hit on this signature records Tor capability, not that the observed C2 traffic went over Tor.
    TTPs: Connection Proxy (ATT&CK T1090)
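The indicators this report gives an analyst are the four file digests, the two C2 host:port pairs from the extracted config, and the behaviours in the Signatures list (external-IP lookup, then proxying). The following is an added example, not code from the report or from any SystemBC tooling: it verifies a file against the reported hashes and scans connection and DNS events for the C2 endpoints, rating an IP-lookup alone as weak evidence. The log lines are constructed for the example, and the IP-lookup hostnames are an assumption, since the report only says "a legitimate IP lookup service".

```python
"""Match the report's indicators against local evidence (added example)."""
import hashlib
import re
from dataclasses import dataclass

# Indicators as published in the report above.
REPORT_HASHES = {
    "md5": "97df61f72744b694bc0ce16556510b83",
    "sha1": "b6c9484e550f8f4ff3155c5ed8ae4a8e3422018c",
    "sha256": "c6796f4e5a17fb9ce0e1d33b9d767fbed5a4c43e65e2741af09015cb23932d2b",
    "sha512": "610a3b2b253d7e34c2091250354d9d08b524d8da3836ca75d96af2562551176a"
              "9e85fdb02d6ed6aeb417c84b19c1cdea9a4b9644136f3c4ed3bfb554e5f81486",
}
C2_ENDPOINTS = {("dasd13d.com", 4035), ("dasd13d.xyz", 4035)}
C2_DOMAINS = {host for host, _ in C2_ENDPOINTS}

# Assumption: placeholder names for "a legitimate IP lookup service";
# the report does not say which service the sample contacted.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ifconfig.me", "checkip.amazonaws.com"}


def hash_bytes(data: bytes) -> dict:
    """The four digests the report lists, as lowercase hex."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm comparison; only an all-True result is the reported sample."""
    actual = hash_bytes(data)
    return {algo: actual[algo] == expected[algo].lower() for algo in expected}


@dataclass
class Hit:
    signal: str   # c2_dns, c2_conn or ip_lookup
    src: str      # internal host that produced the event
    detail: str   # what matched (host, or host:port for connections)
    line: str     # original log line, kept for the analyst


# Constructed event format: "<ts> dns|conn key=value ..." (one event per line).
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>dns|conn)\s+(?P<kv>.*)$")


def _kv(text: str) -> dict:
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def scan_logs(lines) -> list:
    """Return one Hit per event that touches a report indicator."""
    hits = []
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue                      # not an event line, skip it
        f = _kv(m["kv"])
        src = f.get("src", "?")
        if m["kind"] == "dns":
            name, port = f.get("query", "").lower().rstrip("."), None
        else:
            name, port = f.get("dst_host", "").lower().rstrip("."), int(f.get("dst_port", "0"))
        if name in C2_DOMAINS:            # any contact with the extracted C2 hosts
            signal = "c2_dns" if port is None else "c2_conn"
            hits.append(Hit(signal, src, f"{name}:{port}" if port else name, raw))
        elif name in IP_LOOKUP_HOSTS:     # the "looks up external IP" behaviour
            hits.append(Hit("ip_lookup", src, name, raw))
    return hits


def triage(lines) -> dict:
    """Collapse hits per internal host. An IP lookup alone is weak evidence
    (plenty of legitimate software does it); a hit on the extracted C2
    hosts is what confirms this sample's activity."""
    per_src = {}
    for hit in scan_logs(lines):
        per_src.setdefault(hit.src, set()).add(hit.signal)
    return {
        src: {"signals": sorted(sigs),
              "verdict": "c2" if any(s.startswith("c2_") for s in sigs) else "ip_lookup_only"}
        for src, sigs in per_src.items()
    }


# Constructed sample events: 10.0.0.15 behaves as the report describes
# (external-IP lookup, then the extracted C2 on port 4035); 10.0.0.22 only
# performs an IP lookup.
SAMPLE_LOGS = [
    "2022-05-02T10:00:01Z dns src=10.0.0.15 query=api.ipify.org type=A",
    "2022-05-02T10:00:02Z conn src=10.0.0.15 dst_host=api.ipify.org dst_port=443 proto=tcp",
    "2022-05-02T10:00:05Z dns src=10.0.0.15 query=dasd13d.com type=A",
    "2022-05-02T10:00:06Z conn src=10.0.0.15 dst_host=dasd13d.com dst_port=4035 proto=tcp",
    "2022-05-02T10:00:07Z conn src=10.0.0.15 dst_host=dasd13d.xyz dst_port=4035 proto=tcp",
    "2022-05-02T10:01:00Z dns src=10.0.0.22 query=ifconfig.me type=A",
    "2022-05-02T10:01:30Z conn src=10.0.0.22 dst_host=example.com dst_port=443 proto=tcp",
    "not an event line; the parser skips it",
]

if __name__ == "__main__":
    for src, result in triage(SAMPLE_LOGS).items():
        print(src, result)
    print("empty file matches report:", matches_report(b""))
```

Run it against a real file by reading its bytes into `matches_report`, and feed `scan_logs` whatever export of your DNS and connection logs you can massage into the key=value form; the domains are the durable indicator here, so a connection to dasd13d.com on a port other than 4035 is still flagged.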

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The only technique mapped on this page is Connection Proxy (Command and Control), from the Tor signature above.

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10