General

  • Target

    file.exe

  • Size

    182KB

  • Sample

    221104-en3wzadbbm

  • MD5

    f258ddc248e5ab3b122563c4fd91686c

  • SHA1

    ea26e612f9f2aa2825cb61179147c1f118454b7b

  • SHA256

    f08fa66bd30a8ce2d4ace4f67d3fb021bb9703023c99d059dbe11e53435bb4ca

  • SHA512

    d844dd7c9cf95bcdda842bcf6661caf230ad88b8fc5c3be3cc8a045e2365f64655d9e1fced138fbdf87d8b22d0850b0c1991167e4cd60e831e922df16a72f22a

  • SSDEEP

    3072:0H0+fFm2i7ph3iBLbZp5fx5/Mm4/2D64F0T+/3mymtEIn+J:0HFo2i7XyBLdp57Mm4UcT+/3mym2v

Malware Config

Extracted

Family

systembc

C2

89.248.165.79:443
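The hashes in the General section and the C2 in the extracted config are the two IOC sets a responder actually uses from a report like this: the hashes to confirm that a file on disk is this sample (and not a repacked sibling), the C2 to hunt in network telemetry. The following script is an added example, not part of the original report or the sandbox's own tooling. It copies the report's MD5/SHA1/SHA256/SHA512 and the C2 address verbatim; the flow-log line format it parses and the log lines it scans are constructed for illustration and are an assumption, not output of any real product. SSDEEP is left out because the standard library cannot compute it (a third-party binding such as python-ssdeep is needed).

```python
import hashlib
import re

# IOCs copied verbatim from the sandbox report above.
SAMPLE_HASHES = {
    "md5": "f258ddc248e5ab3b122563c4fd91686c",
    "sha1": "ea26e612f9f2aa2825cb61179147c1f118454b7b",
    "sha256": "f08fa66bd30a8ce2d4ace4f67d3fb021bb9703023c99d059dbe11e53435bb4ca",
    "sha512": "d844dd7c9cf95bcdda842bcf6661caf230ad88b8fc5c3be3cc8a045e2365f646"
              "55d9e1fced138fbdf87d8b22d0850b0c1991167e4cd60e831e922df16a72f22a",
}
C2_HOST = "89.248.165.79"
C2_PORT = 443


def digests(data: bytes) -> dict:
    """Compute every digest the report lists, keyed by the same algorithm names."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def compare_digests(observed: dict) -> dict:
    """Per-algorithm verdict: does an observed digest equal the one in the report?

    Comparing all four rather than only MD5 guards against a collided or
    repacked file that happens to share one weak hash with the sample.
    """
    return {
        name: observed.get(name, "").lower() == expected.lower()
        for name, expected in SAMPLE_HASHES.items()
    }


def is_sample(data: bytes) -> bool:
    """True only when every digest of `data` matches the report."""
    return all(compare_digests(digests(data)).values())


# Assumed flow-log format (constructed for this example):
#   "<timestamp> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
FLOW_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)"
)


def scan_flows(lines) -> list:
    """Return one hit per flow whose destination is the SystemBC C2 host.

    The destination is compared as a whole string, so 89.248.165.7 does not
    match on prefix. The port is recorded but not required: a proxy that
    changes ports keeps the same server, so an IP hit on another port is
    still worth a look and is flagged with exact_port=False.
    """
    hits = []
    for line in lines:
        m = FLOW_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than crash a hunt
        if m["dst"] == C2_HOST:
            hits.append({
                "ts": m["ts"],
                "src": m["src"],
                "dport": int(m["dport"]),
                "exact_port": int(m["dport"]) == C2_PORT,
            })
    return hits


# Constructed sample flow lines; not taken from any real capture.
SAMPLE_FLOWS = [
    "2022-11-04T10:02:11Z 10.0.0.23:49812 -> 89.248.165.79:443 tcp",
    "2022-11-04T10:02:12Z 10.0.0.23:49813 -> 93.184.216.34:443 tcp",
    "2022-11-04T10:02:13Z 10.0.0.41:51000 -> 89.248.165.79:443 tcp",
    "2022-11-04T10:02:14Z 10.0.0.23:49814 -> 89.248.165.7:443 tcp",
    "2022-11-04T10:02:15Z 10.0.0.9:50210 -> 89.248.165.79:8080 tcp",
    "malformed line that the parser must ignore",
]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print("file is the reported sample:", is_sample(fh.read()))
    for hit in scan_flows(SAMPLE_FLOWS):
        print("C2 contact:", hit)
```

Run it with a path to a suspect file to confirm it is this exact sample before spending analysis time on it; the flow scan over the constructed lines reports the two exact hits on 443 and the off-port hit on 8080 as a weaker match.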

Targets

    • Target

      file.exe

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

      The sample retrieves a further Windows executable (MZ/PE header) over the network.

    • Executes dropped EXE

      The retrieved executable is written to disk and launched as a new process.

    • Suspicious use of SetThreadContext

      SetThreadContext on a thread of another process is commonly the final step of process hollowing: a child is started suspended, its image is replaced, and the thread's instruction pointer is redirected into the injected code before it is resumed.

MITRE ATT&CK Enterprise v6

Tasks