Resubmissions

26-06-2023 05:08

230626-fsw5nage98 10

26-06-2023 04:47

230626-feqqqahe41 10

General

  • Target

    19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8

  • Size

    220KB

  • Sample

    230626-feqqqahe41

  • MD5

    8d7ebe871589d79f195f240dcef43a57

  • SHA1

    f5315edc9bfeb6f37c9df6ad1f10cb3363412d96

  • SHA256

    19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8

  • SHA512

    244be66bb480d320ef6d5cbfcd21e526a53726397c1fc4b512935bc50039b0bb773e3f12fd53910d3da9e69ebb8e3fd1a56d22d2fcb2e090c93c9759cdc497cd

  • SSDEEP

    3072:/M8Ejf0TGpNkCdEjDOCARNT4Hxh6skqg2d1vIH+J3Ul:DEj9ICdEjDgt4RuW1vg

Malware Config

Extracted

Family

systembc

C2

adstat277xm.xyz:4044

demstat377xm.xyz:4044

Targets

    • Target

      19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8

    • Size

      220KB

    • MD5

      8d7ebe871589d79f195f240dcef43a57

    • SHA1

      f5315edc9bfeb6f37c9df6ad1f10cb3363412d96

    • SHA256

      19397c6dce459330095edc72759d1e79e26f1e12f013cdaee6dbdb90d65aaae8

    • SHA512

      244be66bb480d320ef6d5cbfcd21e526a53726397c1fc4b512935bc50039b0bb773e3f12fd53910d3da9e69ebb8e3fd1a56d22d2fcb2e090c93c9759cdc497cd

    • SSDEEP

      3072:/M8Ejf0TGpNkCdEjDOCARNT4Hxh6skqg2d1vIH+J3Ul:DEj9ICdEjDgt4RuW1vg

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks