General

  • Target: 255ea08ee5efb8c064d74d2f87c254dac1107f6ded440588a2ba7b1724e2b705
  • Size: 291KB
  • Sample: 221104-jq8bpadcc9
  • MD5: cba0c952267affc5e4a79280254e261b
  • SHA1: 692f286365c5b2ce8dc4e8ff55346801d0a5da2a
  • SHA256: 255ea08ee5efb8c064d74d2f87c254dac1107f6ded440588a2ba7b1724e2b705
  • SHA512: 050e33aeadaee5cac6825ae5b23352bbeec59b261e9fc6480dbd7fc1ba1422f168815765f9dbeb28e1d0d537096fdad77c3aaf06237abd05a722603858111617
  • SSDEEP: 3072:AdXpgCfjLWa8mIu5roN9lQ6rdq97QPcaOly1LQJfXnepYXmQXuPVPBufD4k:6phL5rIYoNI6s9kVIyRfxQX0by4k

Malware Config

Extracted

  • Family: systembc
  • C2: 89.248.165.79:443

Targets

    • Detects Smokeloader packer
    • SmokeLoader: Modular backdoor trojan in use since 2014.
    • SystemBC: SystemBC is a proxy and remote administration tool first seen in 2019.
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks installed software on the system: Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6