General

  • Target

    a985b674e4b66b84636979d92733bf86.exe

  • Size

    819KB

  • Sample

    230202-ng5lnafh53

  • MD5

    a985b674e4b66b84636979d92733bf86

  • SHA1

    3d12c15334752a71b53a2e78e08b92350f77d523

  • SHA256

    234097c41e0648bebb19dee2f2f3c841cb0beabb10c81916b1fcc3ff9ae0ab83

  • SHA512

    1eda0371e2bb2a86d9f7ba9071490f5ee0124bd7246a962674878e3562c8e1d6edc1f8c7a1ced2e15375019a3f534ce4a70282195f73bf2f7e7480f1987b2040

  • SSDEEP

    12288:iprjUCS0M8mE4Cy0XC+4HVjDTiuqLywotlnH9/dwUnRe6B6iC9It:iZ9BTL41LOLyNZdwUnRe6B7CKt

Malware Config

  • Extracted

    Family: systembc

    C2: 65.109.48.216:4270, 192.168.1.149:4270

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

  • Discovery

    Query Registry (T1012): 1

    System Information Discovery (T1082): 2
