General

  • Target

    dc7f6fc4e305c7a6a238061fbb834f468ca4fc0c3cf4c4b33d9b3c86db55c77a

  • Size

    84KB

  • Sample

    220508-glgxtsgfe2

  • MD5

    259988cc4cc6819e0fdcf644a3ad62ee

  • SHA1

    f0ae6d845f7c8a341ddad6d8059de93d489773de

  • SHA256

    dc7f6fc4e305c7a6a238061fbb834f468ca4fc0c3cf4c4b33d9b3c86db55c77a

  • SHA512

    8e87574ee7c59be26e5532b117251589c0eb8da3eb9f84cd08f8c00539f3678b85ac8858d4e77c55c3caf85d4d2a88fb95ca4896e7281e4e7fea8295eca43b01

Malware Config

Extracted

Family: systembc

C2:

  • sdadvert197.com:4044
  • mexstat128.com:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control: Connection Proxy (T1090), 1 signature
