General

  • Target

    c62d847f001f40d5565f74885bfd6bf8bc85e2d92a4c32582e111e2b63ab8343

  • Size

    292KB

  • Sample

    221104-hpnefsegfj

  • MD5

    1fa1c85cf66d290bfedc35eadc32e8cc

  • SHA1

    4167143efdd0a5d8ec2a559a0ceb3ef10b300a2f

  • SHA256

    c62d847f001f40d5565f74885bfd6bf8bc85e2d92a4c32582e111e2b63ab8343

  • SHA512

    cf8f38a1049a5d3c27a96dcdda77799094b5c94ccfca03f2d34362b59322267d8757a0d95a2dd4c8ee5b49a7fdff8d5282a63f56eb4cf5a26f81336631e881e9

  • SSDEEP

    3072:lBPMpmbkLDM7ULu5r+FzHr3hU9l+XUSQT4nHo1f8us8lluRBq6:HMp1LQoLY63hUfRTYHop0RBj

Malware Config

Extracted

Family

systembc

C2

89.248.165.79:443

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks