General

  • Target

    90988c815a0d7bca3e0e8cc3ebde74d55e3eda874687ed7b92bb3528c2745d57

  • Size

    284KB

  • Sample

    230203-jevlfscf66

  • MD5

    a446d1372a365a1d59bf68fbdb8f5af6

  • SHA1

    b832411ea49bc2e87b1a950acf716d4c65f34075

  • SHA256

    90988c815a0d7bca3e0e8cc3ebde74d55e3eda874687ed7b92bb3528c2745d57

  • SHA512

    32de47c199311f2e9ea380feafdeb45bdf9868fb428aa83e0add048e26cadd3ce22406dfd1f8cab9ee971df5744aae06e1e09cbd001e5e9178560b4736a63476

  • SSDEEP

    3072:sHqXjNetbVnFLYM+VnWRaR5CxaiUIozR9FsGY67ACAZMlw:sHqUFLYM+VnkaOxaiU19e+UCAZOw

Malware Config

Extracted

  • Family

    systembc

  • C2

    144.76.223.74:443

Targets

    • Detects Smokeloader packer

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry: 1 (T1012)

  • Peripheral Device Discovery: 1 (T1120)

  • System Information Discovery: 1 (T1082)