General

  • Target

    ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2

  • Size

    239KB

  • Sample

    221212-tw7x8abg87

  • MD5

    a7dda8e68c3cf6c3947e5feaa77730ad

  • SHA1

    32d21754d7dbe4f52541970c9ff865c2ac86c28b

  • SHA256

    ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2

  • SHA512

    babdafa8b435eab8cae3080946ed4cf78fcd9ab053876c52d8ece0341014515bb28948192ca6ef895d18867e750fb8d6b94a2bc52330d3739b44e98822427c6e

  • SSDEEP

    3072:shtytGLK68v4iy50r53eAwKMOYD24oSCJiY9UiJuV/GohdBcf0Evier7RbR8pgX:s9Lw4iy5yKH99xY9Uiq/Goyftx7cpgX

Malware Config

Extracted

  • Family

    systembc

  • C2

    109.205.214.18:443
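The report gives three file hashes and one extracted C2 endpoint. The script below is an added example, not part of the sandbox report or of any vendor tooling, that turns those indicators into two checks a responder would actually run: whether a file on disk is this sample, and whether Zeek conn.log records show traffic to the C2. The hash and C2 values are copied from the report; the conn.log excerpt, its hosts and connection uids are constructed test data, and 203.0.113.10 is a documentation address standing in for benign traffic.

```python
"""IOC checks for the SystemBC sample in this report.

Added example, not part of the sandbox report or of any vendor tool. The
indicator values (file hashes, C2 address) are copied from the report; the
conn.log records below are constructed test data, not real traffic.
"""
import hashlib

# --- Indicators taken verbatim from the report ---------------------------
SAMPLE_HASHES = {
    "md5": "a7dda8e68c3cf6c3947e5feaa77730ad",
    "sha1": "32d21754d7dbe4f52541970c9ff865c2ac86c28b",
    "sha256": "ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2",
}
C2_HOST, C2_PORT = "109.205.214.18", 443


def hashes_of(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of a file's bytes, lowercase hex, keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def match_hashes(digests: dict) -> list:
    """Names of the algorithms whose digest equals the reported sample's.

    Comparison is case-insensitive; a match on any one algorithm is enough
    to say the file is this exact sample (fuzzy/ssdeep matching for
    near-variants is a separate step and needs the ssdeep library).
    """
    return [name for name, value in SAMPLE_HASHES.items()
            if digests.get(name, "").lower() == value]


def parse_zeek_conn(text: str) -> list:
    """Minimal Zeek conn.log reader: honours the #fields header, skips the
    other # metadata lines, and returns one dict per record."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        elif fields:
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows


def c2_hits(conn_log: str) -> list:
    """Connections to the reported C2 host. A port match is an exact hit;
    the host alone is still flagged because a C2 port is easy to rotate."""
    hits = []
    for rec in parse_zeek_conn(conn_log):
        if rec.get("id.resp_h") != C2_HOST:
            continue
        exact = int(rec.get("id.resp_p", -1)) == C2_PORT
        hits.append({
            "uid": rec["uid"],
            "src": rec["id.orig_h"],
            "dst": rec["id.resp_h"] + ":" + rec["id.resp_p"],
            "service": rec.get("service", "-"),
            "match": "ip+port" if exact else "ip only",
        })
    return hits


# Constructed conn.log excerpt (hypothetical internal hosts and uids;
# 203.0.113.10 is a documentation address used as benign traffic).
_TAB = "\t"
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    _TAB.join(["#fields", "ts", "uid", "id.orig_h", "id.orig_p",
               "id.resp_h", "id.resp_p", "proto", "service"]),
    _TAB.join(["1670862000.123", "CAbc1", "10.0.0.5", "49812",
               "109.205.214.18", "443", "tcp", "-"]),
    _TAB.join(["1670862001.456", "CAbc2", "10.0.0.5", "49813",
               "203.0.113.10", "443", "tcp", "ssl"]),
    _TAB.join(["1670862002.789", "CAbc3", "10.0.0.7", "50100",
               "109.205.214.18", "80", "tcp", "-"]),
])

if __name__ == "__main__":
    print(match_hashes(SAMPLE_HASHES))                 # all three algorithms
    print(match_hashes(hashes_of(b"not the sample")))  # []
    for hit in c2_hits(SAMPLE_CONN_LOG):
        print(hit)
```

Flagging the host even when the port differs is deliberate: the sandbox observed 443, but the operator can change the port far more cheaply than the address the extracted config pins. Among the hits, a connection to 443 that Zeek did not classify as ssl deserves the first look, since SystemBC talks to its C2 over its own TCP protocol rather than HTTPS.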

Targets

    • Target

      ddc74a8151032ae3c6caf35758f0b6c81185ea739659605913f55468df8384d2

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 1