e71a3a3daea6774b51d0e10142ce3ef4168175ef3415fd095a1e5c0486f02763

General
Target

e71a3a3daea6774b51d0e10142ce3ef4168175ef3415fd095a1e5c0486f02763

Size

95KB

Sample

220511-cw75jsgcdk

Score

10/10
MD5

0fa62d99e9fa9e4da58a1e2a7dc3d5a9

SHA1

cf0f9fa093bc1a1ff51c368194e03c8bf66d6a73

SHA256

e71a3a3daea6774b51d0e10142ce3ef4168175ef3415fd095a1e5c0486f02763

SHA512

58fb9d1689a69bd63bea760cefadc18d3821e545b1540f166e63f65e480b62a3e36e6a327539dd0ae729c073d38d497e2ac091b6fec6a044fe8be0bb9e66b729

Malware Config

Extracted

Family systembc
C2

dasdasd28asd.com:4035

sasdcs28sd.xyz:4035

Signatures

  • SystemBC

    Description

    SystemBC is a proxy and remote administration tool first seen in 2019.

  • Executes dropped EXE

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications

    Description

    Malware can proxy its traffic through Tor for more anonymity.

    TTPs

    Connection Proxy

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1 - 10/10

behavioral2 - 10/10