General
-
Target
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
-
Size
94KB
-
Sample
220508-gmbr7sgff9
-
MD5
8d63b4b33f84d55f999fe7f2c07f1898
-
SHA1
4b72592eb314d60c52e7dc13a4c99b5afb902bf3
-
SHA256
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
-
SHA512
d734614ccba6dd7f3e84e5a39484a45bead737f3d27ab7dbc62654c5a7ea96133c68b02f0e63a073e29105a05ebd2120dd2156d63c901eabad096c65a0e7f263
Malware Config
Extracted
systembc
sdadvert197.com:4044
mexstat128.com:4044
Targets
-
-
Target
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
-
Size
94KB
-
MD5
8d63b4b33f84d55f999fe7f2c07f1898
-
SHA1
4b72592eb314d60c52e7dc13a4c99b5afb902bf3
-
SHA256
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
-
SHA512
d734614ccba6dd7f3e84e5a39484a45bead737f3d27ab7dbc62654c5a7ea96133c68b02f0e63a073e29105a05ebd2120dd2156d63c901eabad096c65a0e7f263
Score10/10-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
-
Executes dropped EXE
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Malware can proxy its traffic through Tor for more anonymity.
-