General

  • Target

    5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db

  • Size

    128KB

  • Sample

    220502-jle5cabadj

  • MD5

    8b462afe450df7f333a7da76f731cb62

  • SHA1

    73e532ebfbd033039575b5457ac7023f920741fe

  • SHA256

    5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db

  • SHA512

    2c4029871f2efa811b4cf17e1b55e273254716c01302de5f1489ec9ecc1342b58de929fac043f4f3b6720c1170c59e549540e626d46087bc687991b98256c3cd

Malware Config

Extracted

Family

systembc

C2

sdadvert197.com:4044

mexstat128.com:4044

Targets

    • Target

      5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db

    • Size

      128KB

    • MD5

      8b462afe450df7f333a7da76f731cb62

    • SHA1

      73e532ebfbd033039575b5457ac7023f920741fe

    • SHA256

      5e27c0fcfbf3bbabdcac743b1d948f88560cbe30ffb8f45beb062d555fd7c3db

    • SHA512

      2c4029871f2efa811b4cf17e1b55e273254716c01302de5f1489ec9ecc1342b58de929fac043f4f3b6720c1170c59e549540e626d46087bc687991b98256c3cd

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

      suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix ATT&CK v6

Command and Control

Connection Proxy

1
T1090

Tasks