General

  • Target

    9ef73e7ae1a3f68234dd16cbfeb7eacf07126d2b9cdceaca7e0a54d55c4dd822

  • Size

    210KB

  • Sample

    221103-yq8d1sgffq

  • MD5

    80770e5b79c47af23aead457eace6822

  • SHA1

    1146e12b38b3dd2770a9ae4bb2134a516b84d746

  • SHA256

    9ef73e7ae1a3f68234dd16cbfeb7eacf07126d2b9cdceaca7e0a54d55c4dd822

  • SHA512

    ba60adff91a953efe9732dbe3cec41b9e016fdc03bfd875d18fc9959dc0c59a1c3aa8e615873604246729bac013cf084b393b9eecbf8707d549cca55e298fe64

  • SSDEEP

    3072:n/G3Ep83NTTeZLJAWf56oKj5rETTDGO1wjnb8XElxKbP24Cx:n/0++NTTOLiWxYETHG8IbxlAbK

Malware Config

Extracted

  • Family

    systembc

  • C2

    89.248.165.79:443

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext
