bb8dba7e21b5f0720407e0acdde6a34e.exe

General
Target

bb8dba7e21b5f0720407e0acdde6a34e.exe

Size

373KB

Sample

220521-rzpvpshfh4

Score
10/10
MD5

bb8dba7e21b5f0720407e0acdde6a34e

SHA1

27e708c7940708ec158245bfb7f9f671f6664b13

SHA256

d94e02cfb25da71355a6d85538a24374c050962c4e027eaae2e230fe52514e2a

SHA512

b83aedd35920a402033d9381d67d5ade247afe55c8c5d7fc0eb5ee79d0c5cd69bd3e2538881e7d8d2bdcf04b65219f802d038b1757a395709e20b52462d12266

Malware Config

Extracted

Family systembc
C2

135.125.248.50:443

146.70.53.169:443

Targets

Target

bb8dba7e21b5f0720407e0acdde6a34e.exe (373KB, score 10/10; MD5, SHA1, SHA256 and SHA512 as listed under General)

Signatures

  • SystemBC

    Description

    SystemBC is a proxy and remote administration tool first seen in 2019.

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Checks computer location settings

    Description

    Looks up country code configured in the registry, likely geofence.

    TTPs

    Query Registry, System Information Discovery
  • Deletes itself

  • Loads dropped DLL

  • Legitimate hosting services abused for malware hosting/C2

    TTPs

    Web Service

Related Tasks

MITRE ATT&CK Matrix

Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10