Overview

overview

10

Static

static

Setup.exe

windows10-2004-x64

10

Setup.exe

android-11-x64

Resubmissions

30-08-2022 12:22

220830-pj95laacb8 10

30-08-2022 12:17

220830-pgcfjsgfhj 5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Setup.exe

  • Size

    5.4MB

  • Sample

    220830-pj95laacb8

  • MD5

    30697215893fca2f6188cdcd7f3ddedf

  • SHA1

    07ebbdfecb6bab757dc71e5d94ddf02756ffb94f

  • SHA256

    37fab777eed6ae75d322c8d57ddb6294a2599daa332041bb093e002904a9e0e7

  • SHA512

    73ff33fb60cbb6dae797e328f5fcc9affaed8412e76fa8307c5f264d5c2178220e7be703821a063ecace1cc635de1c550dcd8342fcb9865541b25825dcae0e47

  • SSDEEP

    24576:34wsvYyY7XdKoFMHUoigrfEjnDnwViw8quVaBfGgzxoRjADVLZDFgyThCl3RuQ57:Iw7S2wAqNBfGgNoRjADV4l3B

Score
10/10
systembcytstealerandroidspywarestealertrojanupx

Malware Config

Extracted

Family

systembc

C2

95.217.228.125:4249

146.70.53.169:4249

Targets

    • Target

      Setup.exe

    • Size

      5.4MB

    • MD5

      30697215893fca2f6188cdcd7f3ddedf

    • SHA1

      07ebbdfecb6bab757dc71e5d94ddf02756ffb94f

    • SHA256

      37fab777eed6ae75d322c8d57ddb6294a2599daa332041bb093e002904a9e0e7

    • SHA512

      73ff33fb60cbb6dae797e328f5fcc9affaed8412e76fa8307c5f264d5c2178220e7be703821a063ecace1cc635de1c550dcd8342fcb9865541b25825dcae0e47

    • SSDEEP

      24576:34wsvYyY7XdKoFMHUoigrfEjnDnwViw8quVaBfGgzxoRjADVLZDFgyThCl3RuQ57:Iw7S2wAqNBfGgNoRjADV4l3B

    Score
    10/10
    systembcytstealerspywarestealertrojanupx

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • YTStealer

      YTStealer is a malware designed to steal YouTube authentication cookies.

      stealerytstealer

    • YTStealer payload

    • Downloads MZ/PE file

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses 2FA software files, possible credential harvesting

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

3
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

3
T1005

Exfiltration

Command and Control

Impact

Tasks