General

  • Target

    167da3ff2a998e236e76584cd71d1fac55d19c763917f4a62b1dcb9978684ff6

  • Size

    291KB

  • Sample

    221104-gqjl8acah2

  • MD5

    7d1d2bc5a1e97c522abcbc00d435d240

  • SHA1

    e4461ff947930d2b1060195c480714ff51996994

  • SHA256

    167da3ff2a998e236e76584cd71d1fac55d19c763917f4a62b1dcb9978684ff6

  • SHA512

    34e1f5c3b6da25bdc7a62fd87b62ccc0e549f7dc02cdb3e2b093add15ce68d7934d53a7213b118540cfb1fde6cbcddf6e9c33d9628f92177df7e0fc4c97b9412

  • SSDEEP

    3072:ezvDpwPfLG4AiyXtHyz57EC6ReyrbDih1z0fa3kyYb:KDpML3AvXtHyJkReyrI31

Malware Config

Extracted

  • Family

    systembc

  • C2

    89.248.165.79:443

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Accesses Microsoft Outlook accounts

    • Accesses Microsoft Outlook profiles

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6