General

  • Target

    bb8dba7e21b5f0720407e0acdde6a34e.exe

  • Size

    373KB

  • Sample

    220521-rzpvpshfh4

  • MD5

    bb8dba7e21b5f0720407e0acdde6a34e

  • SHA1

    27e708c7940708ec158245bfb7f9f671f6664b13

  • SHA256

    d94e02cfb25da71355a6d85538a24374c050962c4e027eaae2e230fe52514e2a

  • SHA512

    b83aedd35920a402033d9381d67d5ade247afe55c8c5d7fc0eb5ee79d0c5cd69bd3e2538881e7d8d2bdcf04b65219f802d038b1757a395709e20b52462d12266

Score
10/10

Malware Config

Extracted

Family

systembc

C2

135.125.248.50:443

146.70.53.169:443

Targets

    • Target

      bb8dba7e21b5f0720407e0acdde6a34e.exe

    • Size

      373KB

    • MD5

      bb8dba7e21b5f0720407e0acdde6a34e

    • SHA1

      27e708c7940708ec158245bfb7f9f671f6664b13

    • SHA256

      d94e02cfb25da71355a6d85538a24374c050962c4e027eaae2e230fe52514e2a

    • SHA512

      b83aedd35920a402033d9381d67d5ade247afe55c8c5d7fc0eb5ee79d0c5cd69bd3e2538881e7d8d2bdcf04b65219f802d038b1757a395709e20b52462d12266

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation