e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e

General

Target: e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e
Size: 217KB
Sample: 220508-dmxg5adhb9
Score: 10/10
MD5: 790578f36d82b60747161ce1c95d320f
SHA1: 99de20939bb24d34d2274c7e7960a5b610e8e546
SHA256: e7f4d680ea1ce138f3d3362a7bb03e1b1e692e4c44328d24d668e5dca24d6d9e
SHA512: fc665610b537fd6fa30debaa3e821ca50edcc89e03a120163f0f9160cf5e36d64a4aefe19d6577c1396c78e2cf5327f2f853b06a1b82314e1e9904f1e06be1d7

Malware Config

Extracted

Family: systembc
C2:
  asdasd05.com:4035
  asdasd05.xyz:4035

Targets
Tags

Signatures

  • SystemBC
    Description: SystemBC is a proxy and remote administration tool first seen in 2019.

  • Executes dropped EXE

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications
    Description: Malware can proxy its traffic through Tor for more anonymity.
    TTPs: Connection Proxy

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Tasks

static1
behavioral1: 10/10
behavioral2: 10/10