Resubmissions

03-01-2023 10:26

230103-mgxqdaed3v 10

30-12-2022 15:20

221230-sqr45sba9y 10

General

  • Target

    e680554fa3ec812160ea4fe8bbcafeac.exe

  • Size

    5.2MB

  • Sample

    221230-sqr45sba9y

  • MD5

    e680554fa3ec812160ea4fe8bbcafeac

  • SHA1

    d5b2d9f227a419d60af8c93fd890e1858682055f

  • SHA256

    b79b20c44857f5d00ebc2e4be8226a7f23460a25eaad85023127af6a09c48980

  • SHA512

    680559a7d3eab6a45a76d87e3ed393b7247b43a2556786c4bd180b61104cf337da58d8206f0111a916e0df12554eaada5aa99a3b9abc6a59574591785f59a340

  • SSDEEP

    98304:TdVwc5vJ8o/UUhsAn32ennaMjUckirsnS/PpJhanPiO+XtkF9xBf7m1709ooMDP:xVVvJxFjnmeaMjUckiYcBCnPiOemF9xG

Malware Config

Extracted

Family

systembc

C2

oversizetights.com:4246

myprettysocks.com:4246

Targets

    • Target

      e680554fa3ec812160ea4fe8bbcafeac.exe

    • Size

      5.2MB

    • MD5

      e680554fa3ec812160ea4fe8bbcafeac

    • SHA1

      d5b2d9f227a419d60af8c93fd890e1858682055f

    • SHA256

      b79b20c44857f5d00ebc2e4be8226a7f23460a25eaad85023127af6a09c48980

    • SHA512

      680559a7d3eab6a45a76d87e3ed393b7247b43a2556786c4bd180b61104cf337da58d8206f0111a916e0df12554eaada5aa99a3b9abc6a59574591785f59a340

    • SSDEEP

      98304:TdVwc5vJ8o/UUhsAn32ennaMjUckirsnS/PpJhanPiO+XtkF9xBf7m1709ooMDP:xVVvJxFjnmeaMjUckiYcBCnPiOemF9xG

    • ModiLoader, DBatLoader

      ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • ModiLoader Second Stage

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks