General

  • Target

    23a665ea419877ed603914b0b1e3a319.exe

  • Size

    5.9MB

  • Sample

    230805-ybs1saea63

  • MD5

    23a665ea419877ed603914b0b1e3a319

  • SHA1

    9e44955c216d2b78176476c512d9a7c155734c2a

  • SHA256

    7ed9f4f6c6f6919e85b0f7b46ab95b356ca7702a1a3d415124753b4c77b12541

  • SHA512

    11dbfb00adb1af27b2bb12cdb1fff63c8ffc1b9a860e26a05640fff44d18d862ed7f3961a4a7c7f63619da2c31372fc15432f020e22d03e1c9e366b5cda529ae

  • SSDEEP

    98304:jKtUG8/JhKWuQOGZhGPB1lAiEKU7IHA7wayKz63OTP10tUzxCaIcnnj:jKtUXBkKna51llEvejJWoahzMHc

Malware Config

Extracted

Family

systembc

C2

5.42.65.67:4298

localhost.exchange:4298

Targets

    • Target

      23a665ea419877ed603914b0b1e3a319.exe

    • Size

      5.9MB

    • MD5

      23a665ea419877ed603914b0b1e3a319

    • SHA1

      9e44955c216d2b78176476c512d9a7c155734c2a

    • SHA256

      7ed9f4f6c6f6919e85b0f7b46ab95b356ca7702a1a3d415124753b4c77b12541

    • SHA512

      11dbfb00adb1af27b2bb12cdb1fff63c8ffc1b9a860e26a05640fff44d18d862ed7f3961a4a7c7f63619da2c31372fc15432f020e22d03e1c9e366b5cda529ae

    • SSDEEP

      98304:jKtUG8/JhKWuQOGZhGPB1lAiEKU7IHA7wayKz63OTP10tUzxCaIcnnj:jKtUXBkKna51llEvejJWoahzMHc

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

MITRE ATT&CK Matrix

Tasks