Overview

Analysis tasks and scores:

Task                  Platform             Score
Overview              -                    10/10
Static                -                    10/10
server.exe            windows7-x64         8/10
server.exe            windows10-2004-x64   8/10
server.out            ubuntu-18.04-amd64   7/10
socks.out             ubuntu-18.04-amd64   7/10
www/system...ip2.js   windows7-x64         1/10
www/system...ip2.js   windows10-2004-x64   1/10
www/system...x.html   windows7-x64         1/10
www/system...x.html   windows10-2004-x64   1/10
www/system...ord.js   windows7-x64         1/10
www/system...ord.js   windows10-2004-x64   1/10

General

Target: 35da946b55a7125ac91be532a686c501.zip
Size: 27.3MB
Sample: 230509-fhzg2aec72
MD5: 124c7d3fd6012d5e1236d66d35da9cb2
SHA1: 430ed90e5b2d603e43745b1a62a8d66039b1c811
SHA256: d817131a06e282101d1da0a44df9b273f2c65bd0f4dd7cd9ef8e74ed49ce57e4
SHA512: 8554ca61eef6136efd5fbedc4c68aaaa9dca77723ed596fd5950a3f2f99f3a1d8776ef7f4ec39ccf88d9c8ebd5d0cb5a073f777aaf6ea8701869948774d2f73a
SSDEEP: 786432:+1HVpI/ZHgDZAgSjEcIiQKFoPIj84PLNA57cZqToX:a1emAGnbIj84PJAcZG4
Behavioral tasks

Task          Sample                          Resource
behavioral1   server.exe                      win7-20230220-en
behavioral2   server.exe                      win10v2004-20230220-en
behavioral3   server.out                      ubuntu1804-amd64-20221125-en
behavioral4   socks.out                       ubuntu1804-amd64-20221111-en
behavioral5   www/systembc/geoip/geoip2.js    win7-20230220-en
behavioral6   www/systembc/geoip/geoip2.js    win10v2004-20230220-en
behavioral7   www/systembc/index.html         win7-20230220-en
behavioral8   www/systembc/index.html         win10v2004-20230220-en
behavioral9   www/systembc/password.js        win7-20230220-en
behavioral10  www/systembc/password.js        win10v2004-20230220-en
Malware Config

Extracted configuration
Family: systembc
C2: 87.244.158.94
Targets

Target: server.exe
Size: 22KB
MD5: 3e5b7dedb99563e687b56384bcd24823
SHA1: 17425dd4f9c65e1a5c8b4bcbef298d4dc625ae30
SHA256: c154d0f2c61353e96026f7036e79e8217b078bbf1947d7a2d7753cab657022f1
SHA512: ee97b1e8ab38bced198206a8b78d324c43df4eeb5bd96d484569cafe5527a55b52736708d7e38fcf2925f252e823efe894b5cae443025580c1507c0d920ad389
SSDEEP: 384:IMWFbYuh12fGSjkd867JswS/oyVFiGspJjHO5rf1k7SWOoD21pE3nZ6IML:I38uhkfGS8W/rVFiGspJGrq7SAspcyL
Score: 8/10
Signatures:
- Modifies Windows Firewall
- Executes dropped EXE

Target: server.out
Size: 15KB
MD5: 4e0a5548d669fb559fc9557c29d1300d
SHA1: 20c475d06b77ea4078db08814acebc6c9d8a47ca
SHA256: b69738c655dee0071b1ce37ab5227018ebce01ba5e90d28bd82d63c46e9e63a4
SHA512: 7f128a3110bea36b22a3f784b991f0a4b44f2c01a5df837ac0badb3742f8da742f0bd971fa492829db413c9f69b6dd8c64ec6934b33da4ef11d0025522878dbb
SSDEEP: 192:GflaEbxJEYalA9qF9Aig5B7PNTa8EBiB6hygBCyftVm5cmF4tGEApxn:3UClA9kxg/FTyUM4gBCyftV2342px
Score: 7/10
Signatures:
- Creates/modifies Cron job: cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Executes dropped EXE
- Reads runtime system information: reads data from the /proc virtual filesystem.
- Writes file to tmp directory: malware often drops required files in the /tmp directory.

Target: socks.out
Size: 6KB
MD5: 345b602eef289ed62c556690a99038a2
SHA1: 7dd9def613ae3aa30f66326cb9ad724431ac69de
SHA256: 5da486c1d5024f144333032ffbeae9f8e6de951f6633791861055564952ee779
SHA512: 1066d90edecea83f1773169a0d7d6a0635904ff284c83d0ca9fc04751b967795b2e68ffb636350dc7697e05298ce0e82af0dad23e27a05843af07a094491e0b9
SSDEEP: 96:GRSSjU6eW+vxLCFCOE7JV4Gix/5UB/bEbZ4hrClAcrOX/YLHZHPst/8+CyA:G/+MMOEgGo/5GE99k
Score: 7/10
Signatures:
- Creates/modifies Cron job: cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Executes dropped EXE
- Reads runtime system information: reads data from the /proc virtual filesystem.
- Writes file to tmp directory: malware often drops required files in the /tmp directory.
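The signatures above (cron modification, /tmp drops, /proc reads, dropped-then-executed binaries, firewall changes) are derived from the process and file events the sandbox records. As an added example, not part of this report and not Triage's or SystemBC's own code, the following script shows how such behavioural signatures can be evaluated over an event log and why the dropped-EXE rule needs state. The JSON-lines event format, the matching rules (the cron paths, netsh as the firewall modifier, the /tmp and /proc prefixes) and all sample events are assumptions constructed for this example; only the signature names, their descriptions and the 87.244.158.94 address come from the report.

```python
"""Evaluate sandbox-style behavioural signatures over a process/file event log.

Added example for this report, not Triage's signature engine. The JSON-lines
event format ("type", "pid" and type-specific fields), the matching rules and
the sample events are constructed here; only the signature names, their
descriptions and the SystemBC C2 address come from the report itself.
"""
import json
import re

# Assumption: cron persistence shows up as writes to these locations or as an
# invocation of the crontab binary.
CRON_PATHS = ("/etc/crontab", "/etc/cron.d/", "/etc/cron.hourly/",
              "/etc/cron.daily/", "/var/spool/cron/")
# Assumption: "Modifies Windows Firewall" is modelled as a netsh firewall command.
FIREWALL_RE = re.compile(r"\bnetsh(\.exe)?\b.*\b(advfirewall|firewall)\b", re.IGNORECASE)
# Taken from the report's Malware Config section.
SYSTEMBC_C2 = {"87.244.158.94"}


def _norm(path):
    """Lower-case and use forward slashes so Windows and Linux paths share prefix checks."""
    return path.replace("\\", "/").lower()


def evaluate(events):
    """Return the set of signature names that fire for a sequence of event dicts.

    "Executes dropped EXE" is stateful: it needs a file_write for a path that a
    later process_create then uses as its image.
    """
    hits = set()
    written = set()
    for ev in events:
        kind = ev.get("type")
        if kind == "file_write":
            path = _norm(ev["path"])
            written.add(path)
            if path.startswith("/tmp/"):
                hits.add("Writes file to tmp directory")
            if any(path.startswith(c) for c in CRON_PATHS):
                hits.add("Creates/modifies Cron job")
        elif kind == "file_read":
            if _norm(ev["path"]).startswith("/proc/"):
                hits.add("Reads runtime system information")
        elif kind == "process_create":
            image = _norm(ev["image"])
            cmdline = ev.get("cmdline", "")
            if image in written:
                hits.add("Executes dropped EXE")
            if image.endswith("/crontab") or re.match(r"\s*crontab\b", cmdline):
                hits.add("Creates/modifies Cron job")
            if FIREWALL_RE.search(cmdline):
                hits.add("Modifies Windows Firewall")
        elif kind == "network_connect":
            if ev.get("dst") in SYSTEMBC_C2:
                hits.add("Connects to extracted SystemBC C2")  # name chosen for this example
    return hits


def parse_jsonl(text):
    """Parse one JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def report(log_text):
    """Evaluate a log and return its hits as a sorted list."""
    return sorted(evaluate(parse_jsonl(log_text)))


# Constructed Linux log mirroring what the report flags for server.out/socks.out.
LINUX_LOG = """\
{"type": "file_read", "pid": 1201, "path": "/proc/self/status"}
{"type": "file_write", "pid": 1201, "path": "/tmp/socks.out"}
{"type": "process_create", "pid": 1202, "image": "/tmp/socks.out", "cmdline": "/tmp/socks.out"}
{"type": "network_connect", "pid": 1202, "dst": "87.244.158.94"}
{"type": "process_create", "pid": 1203, "image": "/usr/bin/crontab", "cmdline": "crontab /tmp/cron.txt"}
"""

# Constructed Windows log mirroring what the report flags for server.exe.
WINDOWS_LOG = r"""
{"type": "file_write", "pid": 2001, "path": "C:\\Users\\Admin\\AppData\\Local\\Temp\\svc.exe"}
{"type": "process_create", "pid": 2002, "image": "C:\\Users\\Admin\\AppData\\Local\\Temp\\svc.exe", "cmdline": "svc.exe"}
{"type": "process_create", "pid": 2003, "image": "C:\\Windows\\System32\\netsh.exe", "cmdline": "netsh advfirewall firewall add rule name=svc dir=in action=allow program=C:\\Users\\Admin\\AppData\\Local\\Temp\\svc.exe"}
"""

# Constructed benign log: a package install writes under /tmp but never executes from it.
BENIGN_LOG = """\
{"type": "file_write", "pid": 300, "path": "/tmp/apt-dpkg-install-abc/00-pkg.deb"}
{"type": "process_create", "pid": 301, "image": "/usr/bin/dpkg", "cmdline": "dpkg -i /tmp/apt-dpkg-install-abc/00-pkg.deb"}
"""

if __name__ == "__main__":
    for name, log in (("linux", LINUX_LOG), ("windows", WINDOWS_LOG), ("benign", BENIGN_LOG)):
        print(name, report(log))
```

Running the script prints the hits for each constructed log. The dropped-EXE rule is the only stateful one: it correlates a write with a later execution of the same path, which is what separates the Linux and Windows samples from the benign dpkg log. That benign log still trips the bare /tmp-write signature, which is why a signature like that is low weight on its own and a responder should treat it as corroborating evidence next to the cron and dropped-EXE hits rather than as a verdict.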
Target: www/systembc/geoip/geoip2.phar
Size: 347KB
MD5: 71d14334860b780ee91902ea71d7518a
SHA1: 7316e1354447c369fd991d5a7db6b923f3c886f0
SHA256: 7f7a6ba15f126642ea88c6cf9354f561f6fb86948dd713ac3d8af5d169d25128
SHA512: bb42ebf6e9203175cc2cc3aaa6d20b0fbe56d1dfa0545513dc55c4efd8876514b0a22d7289cebd7cc36319342eed061df801efd391e5e85bcbc9dbc0ff4dc319
SSDEEP: 6144:VsRsRTZMPNc5Wb7qxz7d9/UaNR6dTd4tL2b0ObTDdTDFTXjR7:VsRsRTZMPNce+1576f4tLe0ObTpNjR7
Score: 1/10

Target: www/systembc/index.html
Size: 16B
MD5: f5a101e1a581bd03a5709b5c36f4c9c5
SHA1: 86548e7c6168d3d05819da7b4c4c94547bea43b5
SHA256: a14b2375d7042a76207b40292ea3b5dec759b9908c566d5701493e1e6b381242
SHA512: df6337bd65e4e4a01c256d55eb4cb11576e5b1da2c729c8b251a2f4752fb3128aa91667d58b938aec334651ea30b420a90459214f05cc70b8cda6b6d67564e9a
Score: 1/10

Target: www/systembc/password.php
Size: 27KB
MD5: ce9b584da52e18399c530107c200f8bd
SHA1: 0d140fa337d37f918a458fea1b5a82615cdb0d9c
SHA256: 236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd
SHA512: ff913bca81b75f26302db3800c58a73d6f40bb0aa48891a3debd28c935159f3d254e0a973d0a24fbec25fc6200669f21a2e24dcad3cbeb07bfd895e645363214
SSDEEP: 384:MeSVqSRuqKadY/Bw5WVjg/wz/LTtwZh9N65:mVrRC/3LUh65
Score: 1/10