General

  • Target

    b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

  • Size

    944KB

  • Sample

    230303-qakc9ahe68

  • MD5

    c962299aa7f1294524a03cb2c7925f14

  • SHA1

    2c3a73a02cf691248c5ecaa1d2111f9b0c197713

  • SHA256

    b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

  • SHA512

    9dd66ddce441cb20ca296ddc9ba9023c397ef27ca6974fec8f6bd5e0b12167154f91606a1216bc745d7aa8babcf1677c005120b8c56bb4ab8583a3a796f19d7b

  • SSDEEP

    24576:K5VTOzE3lI8hzkn1L2eEFk/6cXJ/dEI56q2A/Te:IcE1rzk1ahFYXJl75h1/T

Malware Config

Extracted

Family

systembc

C2

31.222.238.58:4280

192.168.1.28:4280

Targets

    • Target

      b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

    • Size

      944KB

    • MD5

      c962299aa7f1294524a03cb2c7925f14

    • SHA1

      2c3a73a02cf691248c5ecaa1d2111f9b0c197713

    • SHA256

      b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

    • SHA512

      9dd66ddce441cb20ca296ddc9ba9023c397ef27ca6974fec8f6bd5e0b12167154f91606a1216bc745d7aa8babcf1677c005120b8c56bb4ab8583a3a796f19d7b

    • SSDEEP

      24576:K5VTOzE3lI8hzkn1L2eEFk/6cXJ/dEI56q2A/Te:IcE1rzk1ahFYXJl75h1/T

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks