38916764de03427d1ef5b77729bd3486e8429fd7966cc306a79e5e5e248a36cc

General

Target: 38916764de03427d1ef5b77729bd3486e8429fd7966cc306a79e5e5e248a36cc
Size: 107KB
Sample: 220503-r8ytzahfa5
Score: 10/10
MD5: c76206e3213212b73b3efa6a51d9c1d6
SHA1: 3ed40c6f3553b7f02ab984693258b6120577aa2d
SHA256: 38916764de03427d1ef5b77729bd3486e8429fd7966cc306a79e5e5e248a36cc
SHA512: fc1826163547e7d3b907da45bca77e52df96a056fa99c7830c8663ffcb7720a7ec4481dec3baa965dfa6e0dfd914f1bb85d5b4680b1e8d2b0da0a6d0a45b0854

Malware Config

Extracted

Family: systembc
C2:
  ok22asddvr.com:4035
  ok22asddvr.xyz:4035

Signatures

  • SystemBC
    Description: SystemBC is a proxy and remote administration tool first seen in 2019.

  • Executes dropped EXE

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications
    Description: Malware can proxy its traffic through Tor for more anonymity.
    TTPs: Connection Proxy

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10