General
-
Target
a985b674e4b66b84636979d92733bf86.exe
-
Size
819KB
-
Sample
230202-ng5lnafh53
-
MD5
a985b674e4b66b84636979d92733bf86
-
SHA1
3d12c15334752a71b53a2e78e08b92350f77d523
-
SHA256
234097c41e0648bebb19dee2f2f3c841cb0beabb10c81916b1fcc3ff9ae0ab83
-
SHA512
1eda0371e2bb2a86d9f7ba9071490f5ee0124bd7246a962674878e3562c8e1d6edc1f8c7a1ced2e15375019a3f534ce4a70282195f73bf2f7e7480f1987b2040
-
SSDEEP
12288:iprjUCS0M8mE4Cy0XC+4HVjDTiuqLywotlnH9/dwUnRe6B6iC9It:iZ9BTL41LOLyNZdwUnRe6B7CKt
Static task
static1
Behavioral task
behavioral1
Sample
a985b674e4b66b84636979d92733bf86.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
a985b674e4b66b84636979d92733bf86.exe
Resource
win10v2004-20221111-en
Malware Config
Extracted
systembc
65.109.48.216:4270
192.168.1.149:4270
Targets
-
-
Target
a985b674e4b66b84636979d92733bf86.exe
-
Score
10/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-