General

  • Target

    0e125a4063564972de331d02de67b607e20a939d39af56abc228b7abfca9a2e0

  • Size

    211KB

  • Sample

    221103-zj1w2ahbcl

  • MD5

    81fd70376acc035a5218e6aeaef927c3

  • SHA1

    4d52e8e6f1707caee1b05206e4ea4228f9807916

  • SHA256

    0e125a4063564972de331d02de67b607e20a939d39af56abc228b7abfca9a2e0

  • SHA512

    3485ba043990c37785f2ec6bba1b78d772cbbbd78df42f577c33cbb5a398018dec57e48c8f4f9927864bfadc05e71558fe5a08fbdd93f2d0f2267098aca19afc

  • SSDEEP

    3072:Ws/ej5ODVtY5I3LK4g+vnM6nJ5bKQ1uSa41koKizYGy8I0YFOx:Wsmo5tYe3Lpg+k4KQXa4uoKizYH0MO

Malware Config

Extracted

Family

systembc

C2

89.248.165.79:443

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on the main thread of a freshly created, suspended process is the usual final step of process hollowing: the thread's entry point is redirected into the injected image before ResumeThread is called.
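As an added example (this is not code from the report, the sandbox, or the malware), the Python below turns the indicators above into a small hunt script: it takes the extracted SystemBC C2 (89.248.165.79:443), the sample's MD5/SHA1/SHA256, and the Uninstall registry path the "Checks installed software" signature refers to, and runs them over JSON-lines telemetry. The telemetry lines are constructed for the example, and the event field names (`type`, `dst_ip`, `dst_port`, `sha256`, `key`, `process`) are assumptions standing in for whatever your EDR or proxy actually emits. The Uninstall-key check is deliberately rated low: legitimate installers and inventory agents read the same key, so on its own it is context, not a verdict.

```python
import json

# IOCs taken from the sandbox report above (family: systembc).
C2_HOST = "89.248.165.79"
C2_PORT = 443
SAMPLE_HASHES = {
    "md5": "81fd70376acc035a5218e6aeaef927c3",
    "sha1": "4d52e8e6f1707caee1b05206e4ea4228f9807916",
    "sha256": "0e125a4063564972de331d02de67b607e20a939d39af56abc228b7abfca9a2e0",
}
# Registry locations holding installed-software entries (native and WOW64 views), lower-cased.
UNINSTALL_KEYS = (
    r"hklm\software\microsoft\windows\currentversion\uninstall",
    r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall",
)


def check_network(ev):
    """Exact ip:port from the config is high; same address on another port is still worth a look."""
    if ev.get("dst_ip") != C2_HOST:
        return None
    if int(ev.get("dst_port", 0)) == C2_PORT:
        return ("high", f"connection to SystemBC C2 {C2_HOST}:{C2_PORT}")
    return ("medium", f"connection to C2 address {C2_HOST} on unexpected port {ev.get('dst_port')}")


def check_file(ev):
    """Any one matching digest is enough; digests are compared case-insensitively."""
    for algo, known in SAMPLE_HASHES.items():
        seen = ev.get(algo)
        if seen and seen.lower() == known:
            return ("high", f"{algo} matches sample ({ev.get('path', '?')})")
    return None


def check_registry(ev):
    """Uninstall-key reads enumerate installed software; benign software does this too, hence low."""
    key = ev.get("key", "").lower().replace("hkey_local_machine", "hklm")
    if any(key.startswith(prefix) for prefix in UNINSTALL_KEYS):
        return ("low", f"{ev.get('process', '?')} enumerated installed software via {ev.get('key')}")
    return None


# Assumed event schema: a "type" field selects the check (field names are an assumption).
CHECKS = {"network": check_network, "file": check_file, "registry": check_registry}


def scan(lines):
    """Parse JSON-lines telemetry and return (severity, reason, event) for every IOC hit."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the whole scan
        check = CHECKS.get(ev.get("type"))
        if check is None:
            continue
        result = check(ev)
        if result:
            hits.append((*result, ev))
    return hits


# Constructed sample telemetry (not from the report): one hit of each kind plus benign noise.
SAMPLE_EVENTS = [
    r'{"type":"network","process":"svchost.exe","dst_ip":"89.248.165.79","dst_port":443}',
    r'{"type":"network","process":"chrome.exe","dst_ip":"93.184.216.34","dst_port":443}',
    r'{"type":"file","path":"C:\\Users\\Public\\update.exe","sha256":"0E125A4063564972DE331D02DE67B607E20A939D39AF56ABC228B7ABFCA9A2E0"}',
    r'{"type":"file","path":"C:\\Windows\\notepad.exe","sha256":"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"}',
    r'{"type":"registry","process":"update.exe","key":"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"}',
    r'{"type":"registry","process":"explorer.exe","key":"HKEY_CURRENT_USER\\Software\\Classes"}',
    "not json at all",
]

if __name__ == "__main__":
    for severity, reason, _event in scan(SAMPLE_EVENTS):
        print(f"[{severity}] {reason}")
```

Run against the constructed events it reports the C2 connection and the hash match as high and the Uninstall-key read as low; the malformed line and the benign events produce nothing. Feeding it real telemetry is a matter of mapping your own field names onto the ones assumed in `CHECKS`.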

MITRE ATT&CK Enterprise v6

Tasks