General

  • Target

    98de0d13399818c6582fcce361f3768072362b657f1177a46f639b149ff981d8

  • Size

    137KB

  • Sample

    220502-vzj61abdb7

  • MD5

    c684031ab0b9aab1f82ec9cf2e52ae18

  • SHA1

    18af53cd6dc37bd5b1963dcf0562d4b98f6aa466

  • SHA256

    98de0d13399818c6582fcce361f3768072362b657f1177a46f639b149ff981d8

  • SHA512

    e78f5f8e917f3dd85e7cf2df43b2af4882118bd37cc04b56e660700011f1863c0580b4e6d797fee55fab2caeca55a92ba205da651707fa9b519a8e497fd156a5

Score
10/10

Malware Config

Extracted

Family

systembc

C2

admex175x.xyz:4044

servx278x.xyz:4044
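
The two C2 hosts and the file hashes above are the actionable IOCs in this report. The following is an added example, not part of the sandbox report, of turning them into a local check: hash a file and compare it with the listed MD5/SHA-256, and scan egress logs for connections to the C2 hosts. The log lines are constructed for the demonstration, their format (timestamp, source, dst:port, action) is an assumption, and the high/medium confidence split (host and port 4044 versus host on any port) is this example's own heuristic.

```python
"""Added example, not part of the sandbox report: match the report's file
hashes and C2 hosts against local artefacts. Hashes and host:port values are
copied from the report; the log lines below are constructed and their format
(timestamp src dst:port action) is an assumption."""
import hashlib
import re

# IOCs copied from the report above.
IOC_SHA256 = "98de0d13399818c6582fcce361f3768072362b657f1177a46f639b149ff981d8"
IOC_MD5 = "c684031ab0b9aab1f82ec9cf2e52ae18"
IOC_C2_PORT = 4044
IOC_C2_HOSTS = {"admex175x.xyz", "servx278x.xyz"}


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a byte string, for comparison with the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_sample(data: bytes) -> bool:
    """True if the bytes hash to the sample listed in the report."""
    h = file_hashes(data)
    return h["sha256"] == IOC_SHA256 or h["md5"] == IOC_MD5


# Assumed log format: "<timestamp> <src> <dst>:<port> <action>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>[^:\s]+):(?P<port>\d+)\s+(?P<action>\S+)$"
)


def classify(dst: str, port: int):
    """Heuristic of this example: C2 host on port 4044 is 'high', the same
    host on any other port is 'medium', anything else is not a hit."""
    host = dst.lower().rstrip(".")
    if host not in IOC_C2_HOSTS:
        return None
    return "high" if port == IOC_C2_PORT else "medium"


def find_c2_hits(lines):
    """Return one dict per log line that reaches a C2 host, in input order."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line, skipped rather than guessed at
        port = int(m["port"])
        confidence = classify(m["dst"], port)
        if confidence:
            hits.append({"ts": m["ts"], "src": m["src"], "dst": m["dst"],
                         "port": port, "action": m["action"],
                         "confidence": confidence})
    return hits


# Constructed log lines (not from any real environment).
SAMPLE_LOG = [
    "2022-05-02T10:14:03Z 10.0.0.15 admex175x.xyz:4044 ALLOW",
    "2022-05-02T10:14:05Z 10.0.0.15 example.com:443 ALLOW",
    "2022-05-02T10:15:41Z 10.0.0.22 servx278x.xyz:4044 DENY",
    "2022-05-02T10:16:02Z 10.0.0.22 servx278x.xyz:443 ALLOW",
    "malformed line without a destination",
]

if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_LOG):
        print(hit)
    print("sample match:", matches_sample(b"placeholder bytes"))
```

A DENY on port 4044 still counts as a hit: the host resolving and being contacted at all shows the implant is running, even if the egress filter stopped the session.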

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified build of it.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.
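
The "UPX packed file" signature above fires on both stock and modified UPX. As an added example, not the sandbox's own signature logic, the block below parses a PE section table with the standard library and applies three indicators: UPX section names, the "UPX!" magic string, and a first section with zero raw size but non-zero virtual size (the empty region stock UPX reserves for unpacked code, which survives when a modified UPX renames the sections). The PE images are constructed stubs (DOS header, COFF header and section table, no optional header); no real sample is embedded.

```python
"""Added example, not part of the sandbox report: a minimal PE section-table
parser with three UPX indicators. The PE images built here are constructed
test stubs, not real binaries, and the indicators are this example's own
heuristics, not the sandbox's signature."""
import struct
from typing import Optional


def build_pe(section_names, marker: bool, first_raw_zero: bool) -> bytes:
    """Construct a bare PE stub: MZ header, PE signature, COFF header with
    SizeOfOptionalHeader=0, then one 40-byte entry per section name."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header at offset 64
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b""
    vaddr, rawptr = 0x1000, 0x400
    for i, name in enumerate(section_names):
        vsize = 0x10000
        rawsize = 0 if (i == 0 and first_raw_zero) else 0x4000
        sections += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize,
                                vaddr, rawsize, rawptr, 0, 0, 0, 0, 0x60000020)
        vaddr += vsize
        rawptr += rawsize
    # Stock UPX writes its "UPX!" magic shortly after the section table.
    tail = b"UPX!" if marker else b"\0" * 4
    return bytes(dos) + b"PE\0\0" + coff + sections + tail


def pe_sections(data: bytes) -> Optional[list]:
    """Return [(name, virtual_size, raw_size), ...] or None if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0" or e_lfanew + 24 > len(data):
        return None
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsec):
        off = table + 40 * i
        if off + 40 > len(data):
            break  # truncated section table
        name, vsize, _vaddr, rawsize = struct.unpack_from("<8sIII", data, off)
        out.append((name.rstrip(b"\0").decode("latin-1"), vsize, rawsize))
    return out


def upx_indicators(data: bytes) -> Optional[dict]:
    """Three indicators; any one alone is a reason to look closer."""
    sections = pe_sections(data)
    if sections is None:
        return None
    return {
        "upx_section_names": [n for n, _, _ in sections if n.startswith("UPX")],
        "upx_marker": b"UPX!" in data,
        "empty_first_section": bool(sections) and sections[0][2] == 0 and sections[0][1] > 0,
    }


def looks_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind) and any(ind.values())


# Constructed stubs: stock UPX layout, UPX with renamed sections, and a clean image.
PACKED = build_pe([b"UPX0", b"UPX1", b".rsrc"], marker=True, first_raw_zero=True)
RENAMED = build_pe([b".code", b".data", b".rsrc"], marker=False, first_raw_zero=True)
CLEAN = build_pe([b".text", b".data"], marker=False, first_raw_zero=False)

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("renamed", RENAMED), ("clean", CLEAN)):
        print(label, looks_upx_packed(image), upx_indicators(image))
```

The section-name and magic-string checks are trivially defeated by editing the binary; the empty-first-section check is the one that tends to survive a modified packer, so weight it accordingly when triaging.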

MITRE ATT&CK Matrix (ATT&CK v6)

Command and Control

    • Connection Proxy (T1090): 1
