General
-
Target
fdc98ea3381d04350e38b592c2c63090d6f0bd32388a21fcfc5b7bfcb9753d20
-
Size
121KB
-
Sample
220508-3cgflaaeh3
-
MD5
2140899e877c2bb95f71f77c31e205ce
-
SHA1
b7322db66f0c4b5a48c10ca3213b899131045d11
-
SHA256
fdc98ea3381d04350e38b592c2c63090d6f0bd32388a21fcfc5b7bfcb9753d20
-
SHA512
6856af4f8cb1fceede24360c7e081e6beea701a44b80e6276db719e5cba3b6cf5f7fae8df4ce56852ea34e73dfa4e091a8ac258d1efb596e0d7224b33402fe07
Malware Config
Extracted
systembc
sdadvert197.com:4044
mexstat128.com:4044
Targets
-
-
Target
fdc98ea3381d04350e38b592c2c63090d6f0bd32388a21fcfc5b7bfcb9753d20
-
Size
121KB
-
MD5
2140899e877c2bb95f71f77c31e205ce
-
SHA1
b7322db66f0c4b5a48c10ca3213b899131045d11
-
SHA256
fdc98ea3381d04350e38b592c2c63090d6f0bd32388a21fcfc5b7bfcb9753d20
-
SHA512
6856af4f8cb1fceede24360c7e081e6beea701a44b80e6276db719e5cba3b6cf5f7fae8df4ce56852ea34e73dfa4e091a8ac258d1efb596e0d7224b33402fe07
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-