General

  • Target

    d962efacc493b0603585e7c6aa7ed48a46e9426be76f9fb29f8a64795bbbf7eb

  • Size

    211KB

  • Sample

    221103-1wth6afgb4

  • MD5

    d5151b40c537fbce9bac9c4a698a60fc

  • SHA1

    a5f3efd9a56ddcecdcf3a52e1d18b064d0c7060e

  • SHA256

    d962efacc493b0603585e7c6aa7ed48a46e9426be76f9fb29f8a64795bbbf7eb

  • SHA512

    9d7158c3cfd3bd2ebd2faf1e5d9c1615068f3d91a43230632e5da91980ee6bac9fa0f30f2f9156ef76922946e2562adc1f2d05e83f732e9231431022629e8ceb

  • SSDEEP

    3072:9aui4PdQegS4K6ELORh+w6XJ5CbFx3m9qX9YTmcd0OeccmQigMvx:9atidpgS4pELO7+wLpx3hX3zOeXoB

Malware Config

Extracted

Family

systembc

C2

89.248.165.79:443
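As an added example that is not part of this report: the Python below turns the indicators above (the extracted C2 endpoint and the file hashes) into checks a responder can run offline. The hash values and the C2 string are copied from the report; the connection-log format (timestamp, source IP, source port, destination IP, destination port, protocol) and the log lines themselves are constructed for the example and are an assumption, not output of any real sensor. Matching is on destination IP and port only, since nothing in the report says the port 443 traffic is TLS.

```python
"""Checks built from the indicators in this sandbox report (added example)."""
from __future__ import annotations

import hashlib
import ipaddress

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "d5151b40c537fbce9bac9c4a698a60fc",
    "sha1": "a5f3efd9a56ddcecdcf3a52e1d18b064d0c7060e",
    "sha256": "d962efacc493b0603585e7c6aa7ed48a46e9426be76f9fb29f8a64795bbbf7eb",
    "sha512": (
        "9d7158c3cfd3bd2ebd2faf1e5d9c1615068f3d91a43230632e5da91980ee6bac"
        "9fa0f30f2f9156ef76922946e2562adc1f2d05e83f732e9231431022629e8ceb"
    ),
}
C2 = "89.248.165.79:443"

# Constructed connection-log lines (NOT from the report). Assumed format:
# "<ts> <src_ip> <src_port> <dst_ip> <dst_port> <proto>".
SAMPLE_LOG = [
    "2022-11-03T19:12:01Z 10.0.0.15 51234 89.248.165.79 443 tcp",
    "2022-11-03T19:12:05Z 10.0.0.15 51235 142.250.74.46 443 tcp",
    "2022-11-03T19:13:40Z 10.0.0.22 60110 89.248.165.79 443 tcp",
    "2022-11-03T19:14:02Z 10.0.0.22 60111 89.248.165.79 80 tcp",
    "malformed line",
]


def parse_c2(endpoint: str) -> tuple[str, int]:
    """Split 'host:port' as printed in the config block.

    ipaddress.ip_address() raises ValueError if the host is not a literal IP,
    which is what we expect for an extracted SystemBC config entry.
    """
    host, _, port = endpoint.rpartition(":")
    ipaddress.ip_address(host)
    return host, int(port)


def hash_bytes(data: bytes) -> dict[str, str]:
    """Compute the same four digests the report lists, for a file's contents."""
    return {
        name: hashlib.new(name, data).hexdigest()
        for name in ("md5", "sha1", "sha256", "sha512")
    }


def verify_digests(digests: dict[str, str]) -> dict[str, bool]:
    """Compare computed digests with the report; every entry must be True
    for a file to be the sample analysed here."""
    return {
        name: digests.get(name, "").lower() == expected
        for name, expected in SAMPLE_HASHES.items()
    }


def find_c2_connections(lines: list[str], endpoint: str = C2) -> list[tuple[str, bool]]:
    """Return (line, exact) for each line whose destination IP is the C2.

    exact is True when the destination port also matches the extracted port;
    same-IP/other-port lines are still returned so the analyst can decide
    whether the server is being reused for something else.
    """
    host, port = parse_c2(endpoint)
    hits: list[tuple[str, bool]] = []
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue  # skip lines that do not fit the assumed format
        if fields[3] == host:
            hits.append((line, fields[4] == str(port)))
    return hits


if __name__ == "__main__":
    for line, exact in find_c2_connections(SAMPLE_LOG):
        print("C2 hit" if exact else "C2 host, other port", "->", line)
    print(verify_digests(hash_bytes(b"")))
```

To check a file on disk, pass `open(path, "rb").read()` to `hash_bytes` and then `verify_digests`; a match on SHA256 alone is sufficient, but the function reports all four so a tampered or truncated copy is obvious.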

Targets

    • Target

      d962efacc493b0603585e7c6aa7ed48a46e9426be76f9fb29f8a64795bbbf7eb

    • Size

      211KB

    • MD5

      d5151b40c537fbce9bac9c4a698a60fc

    • SHA1

      a5f3efd9a56ddcecdcf3a52e1d18b064d0c7060e

    • SHA256

      d962efacc493b0603585e7c6aa7ed48a46e9426be76f9fb29f8a64795bbbf7eb

    • SHA512

      9d7158c3cfd3bd2ebd2faf1e5d9c1615068f3d91a43230632e5da91980ee6bac9fa0f30f2f9156ef76922946e2562adc1f2d05e83f732e9231431022629e8ceb

    • SSDEEP

      3072:9aui4PdQegS4K6ELORh+w6XJ5CbFx3m9qX9YTmcd0OeccmQigMvx:9atidpgS4pELO7+wLpx3hX3zOeXoB

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

SystemBC is a proxy and remote administration tool first seen in 2019. The C2 address extracted above is its server; SystemBC talks to it over its own protocol, so the use of port 443 does not by itself imply TLS, and network matching should key on destination IP and port rather than on SNI or certificate fields.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

      Typical of process hollowing or thread-context hijacking, where a downloaded payload is written into another process and its thread is redirected to run it.

MITRE ATT&CK Enterprise v6

Tasks