General

  • Target

    tmp

  • Size

    3.9MB

  • Sample

    230814-l86lxsbc99

  • MD5

    d1751a1411426372e372347e59cd9c77

  • SHA1

    cbbcca500101916daeaf0bcd7d2f9f7b57294c67

  • SHA256

    e7108827841a79e82b3ed9f3e54a628f380560c618e0a3769240c2eaec143e54

  • SHA512

    74f799555e925dcd72d5308fe0be9e704ce9758b3b1126333bb7d71dcfaf07445131d23a29258cd7310b91679712a54fd561d071b50dca6a4a44d9258b81aaf1

  • SSDEEP

    49152:Kgh98D4xlsAOPmUIkUI8RUyvhoDCfVC0fLqaNl1XvGTx/S5rcWWBXNO:ga71fUO

Score
10/10

Malware Config

Extracted

Family

systembc

C2

ar.undata.cc:5320

ar1.undata.cc:5320

Targets

    • Target

      tmp

    • Size

      3.9MB

    • MD5

      d1751a1411426372e372347e59cd9c77

    • SHA1

      cbbcca500101916daeaf0bcd7d2f9f7b57294c67

    • SHA256

      e7108827841a79e82b3ed9f3e54a628f380560c618e0a3769240c2eaec143e54

    • SHA512

      74f799555e925dcd72d5308fe0be9e704ce9758b3b1126333bb7d71dcfaf07445131d23a29258cd7310b91679712a54fd561d071b50dca6a4a44d9258b81aaf1

    • SSDEEP

      49152:Kgh98D4xlsAOPmUIkUI8RUyvhoDCfVC0fLqaNl1XvGTx/S5rcWWBXNO:ga71fUO

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks