General

  • Target

    tmp

  • Size

    2.4MB

  • Sample

    230807-wjx9csab9x

  • MD5

    82cf051811579ee4f1d9978af52f12db

  • SHA1

    34122975ea9238001cb644955a1474f4d33f9e7b

  • SHA256

    2227d5b2e2782a03bdb847a8ebf9ea40cc2c9f10f48385154c66ded1577b1deb

  • SHA512

    1eb2df40b3e98a0289b2ccd51d0d0861c9e967220b745643210ecdda63e2aeebaf5940b2d0a319dd0ffc6754238aa0a897ee261d06528c645740082a07de3b73

  • SSDEEP

    49152:M32RUvjn/TCGDQiMDpU/Sb8HDWSrbmnidPtrmEKhPlGRr4g0aQ7svt/:nyn/+GDhOcSb8HDhrK8rtGlGRr4+

Score
10/10

Malware Config

Extracted

Family

systembc

C2

ar.undata.cc:5320

ar1.undata.cc:5320

Targets

    • Target

      tmp

    • Size

      2.4MB

    • MD5

      82cf051811579ee4f1d9978af52f12db

    • SHA1

      34122975ea9238001cb644955a1474f4d33f9e7b

    • SHA256

      2227d5b2e2782a03bdb847a8ebf9ea40cc2c9f10f48385154c66ded1577b1deb

    • SHA512

      1eb2df40b3e98a0289b2ccd51d0d0861c9e967220b745643210ecdda63e2aeebaf5940b2d0a319dd0ffc6754238aa0a897ee261d06528c645740082a07de3b73

    • SSDEEP

      49152:M32RUvjn/TCGDQiMDpU/Sb8HDWSrbmnidPtrmEKhPlGRr4g0aQ7svt/:nyn/+GDhOcSb8HDhrK8rtGlGRr4+

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks