General

  • Target

    1b0618f7b76c11e03742a5750a00a295aeb8986f59ebb34cbff09a7aa8663328

  • Size

    690.6MB

  • Sample

    221105-edv4daddf6

  • MD5

    d510769622b55bdbb6d1a254807ff5f0

  • SHA1

    a7c1a0b325bbc7afcf3fcb26fe775e3210f6f2f9

  • SHA256

    1b0618f7b76c11e03742a5750a00a295aeb8986f59ebb34cbff09a7aa8663328

  • SHA512

    3027401c1adf9fc20168a259f878414c99429076c5625607026c9630eff0ecc20e271ac46f36f26b267ace42dca5bb45601c754f15276ffc935bfbe534b8db74

  • SSDEEP

    98304:wxMrLzvnxGmEIAG2GX0Hj0JUGg8Jm0nayOuaC/QbSFMKR7fW7yJjr:wxM7xtftEAJFFn2un5d7faSr

Malware Config (extracted)

  • Family

    systembc

  • C2

    185.209.30.138:4127

    192.168.1.149:4127

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks whether UAC is enabled

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext
