General

  • Target

    file.exe

  • Size

    211KB

  • Sample

    221103-zcz16aehc3

  • MD5

    a9442b076e2b0aa0022616c7cbc20d0b

  • SHA1

    dfb7193fa38ba75574a72c4a8992207ea2af9299

  • SHA256

    a580a0d34202ae292f90ce0522cbfcc48fcc6dc274e94c6f7843950eb213499d

  • SHA512

    9c69ad04fffdf2003d1f92551a3c1eb238667260786e12b642b81de319c2277688eb32778e98e677aa4e0c5d3d652ba0aca6dabbeb870ed110ce5210daa0bcf2

  • SSDEEP

    3072:G3k/Y5vDBhOfWLr3vRjm6PVJ5uZcWYR5kyVBURk+CqjLCCzwzKHjD/fRMMCsx:G3aAVhOeLrfxm0UKTVBUO+cCzhfRMMF

Malware Config

Extracted

  • Family

    systembc

  • C2

    89.248.165.79:443

Targets

    • Target

      file.exe

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6