General

  • Target

    09a5565e828aa3da2f70b21cbc21b08b.exe

  • Size

    372KB

  • Sample

    220521-hlrmpsafc6

  • MD5

    09a5565e828aa3da2f70b21cbc21b08b

  • SHA1

    fbdb5431f6373262c69715c1ce3b4eb691c16714

  • SHA256

    fdd7069cdc8a066739331213b2076f2ca6acd0e97070f5d1e4dbd9d1b756a35b

  • SHA512

    236897b15b20214eeb42e10a171a77cede6a7c29cc1295255c4f69c3fe53d2623fa4ebc3ae142d1fb2a28f0527d7245ecd7822f9b9a8450de1af875eacbd8a64

Score
10/10

Malware Config

Extracted

Family

systembc

C2

135.125.248.50:443

146.70.53.169:443

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2

  • Command and Control

    Web Service (T1102): 1
