General

  • Target: https://github.com/JPBM135/fishfish-js/releases/download/Borgin/Updates.exe
  • Sample: 230123-p59e7aeh21
  • Score: 10/10

Malware Config (extracted)

  • Family: systembc
  • C2: 45.147.197.24:4001
  • C2: 80.89.234.122:4001

Targets

  • Target: https://github.com/JPBM135/fishfish-js/releases/download/Borgin/Updates.exe
    Score: 10/10

    Signatures:
    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • SystemBC
      SystemBC is a proxy and remote administration tool first seen in 2019.
    • Downloads MZ/PE file
    • Executes dropped EXE
    • Checks computer location settings
      Looks up country code configured in the registry, likely geofence.
    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task, T1053 (1)
  • Persistence: Scheduled Task, T1053 (1)
  • Privilege Escalation: Scheduled Task, T1053 (1)
  • Defense Evasion: Modify Registry, T1112 (2)
  • Discovery: Query Registry, T1012 (1); System Information Discovery, T1082 (2); Remote System Discovery, T1018 (1)
