General

  • Target

    0f6f452ee406b3360e39819aac42a200.exe

  • Size

    108KB

  • Sample

    221211-kaqblsgf92

  • MD5

    0f6f452ee406b3360e39819aac42a200

  • SHA1

    e62b9163c2eddbc8bdf262faf11ac1f5f1e25683

  • SHA256

    76bd9bebdadfeda8974424b76d669a8f22b4a1178b1a9caae0d2c5a60c9db5e9

  • SHA512

    7a0ed3fc2195b52df334d127b73a454fb65dbfa991cf9d543eacadc80b9874a7fb7894dde66c265c03c7b6a794890c9d66acd08525d843dfec93d693ff96897c

  • SSDEEP

    1536:tJBChC4Ri7LWJgg2vTC/29r2VoRvz7tM1kPYqwtFUNn0WJWsa9tNUQukOVRcqAZc:td7LrNTC/21RrtwqaFFF9tNUXfVRK

Score
10/10

Malware Config

Extracted

Family

systembc

C2

asdasd08.com:4039

asdasd08.xyz:4039

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.
