09a5565e828aa3da2f70b21cbc21b08b.exe

General

Target: 09a5565e828aa3da2f70b21cbc21b08b.exe
Size: 372KB
Sample: 220521-hlrmpsafc6
Score: 10/10
MD5: 09a5565e828aa3da2f70b21cbc21b08b
SHA1: fbdb5431f6373262c69715c1ce3b4eb691c16714
SHA256: fdd7069cdc8a066739331213b2076f2ca6acd0e97070f5d1e4dbd9d1b756a35b
SHA512: 236897b15b20214eeb42e10a171a77cede6a7c29cc1295255c4f69c3fe53d2623fa4ebc3ae142d1fb2a28f0527d7245ecd7822f9b9a8450de1af875eacbd8a64

Malware Config

Extracted
Family: systembc
C2:
  135.125.248.50:443
  146.70.53.169:443

Targets

Target: 09a5565e828aa3da2f70b21cbc21b08b.exe
Signatures

  • SystemBC
    Description: SystemBC is a proxy and remote administration tool first seen in 2019.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings
    Description: Looks up country code configured in the registry, likely geofence.
    TTPs: Query Registry, System Information Discovery

  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service

Related Tasks

MITRE ATT&CK Matrix
Tactics: Collection | Command and Control | Credential Access | Defense Evasion | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10