General

  • Target

    tmp

  • Size

    3.9MB

  • Sample

    230814-t34jdafe51

  • MD5

    a42f9085d94eb606c7e0c7c88bb7bed4

  • SHA1

    712a7a0079907f8b5c1fdf5b624aaff7e2793542

  • SHA256

    3a7c97b376896da090d87dc501625425514cdcf7590825a8ca41346d7c6592c3

  • SHA512

    81546df0a5324df5bcfaf08706ef8a9bac742657c0dc50515d2d43231192d58ab41e98cee30fe41b9ee2d44a018c8994e102635fb1599531124be41bbef5b560

  • SSDEEP

    49152:Wgh98D4xlsAOPmUIkUI8RUyvhoDCfVC0fLqaNl1XvGTx/S5rcWSBXNO:Ma71fcO

Score
10/10

Malware Config

Extracted

Family

systembc

C2

ar.undata.cc:5320

ar1.undata.cc:5320
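The extracted configuration gives two C2 endpoints and the file fingerprints give hash indicators. The following is an added example, not part of the sandbox report, that turns both into an offline checker: it parses the host:port entries, flags DNS lookups and proxy-recorded connections to the C2 hosts in a set of constructed key=value log lines, and compares a file's digests against the sample's hashes. The log format, field names (`query`, `dsthost`, `dport`) and log contents are constructed for illustration; adapt `parse_line` to your own DNS, proxy or EDR telemetry.

```python
"""Offline IOC checker built from the SystemBC report above.

Added example, not part of the original report. Log lines are constructed
'ts event k=v k=v' records, not real telemetry.
"""
import hashlib
import re

# From the report's extracted config and file fingerprints.
FAMILY = "systembc"
C2_ENTRIES = ["ar.undata.cc:5320", "ar1.undata.cc:5320"]
SAMPLE_HASHES = {
    "md5": "a42f9085d94eb606c7e0c7c88bb7bed4",
    "sha1": "712a7a0079907f8b5c1fdf5b624aaff7e2793542",
    "sha256": "3a7c97b376896da090d87dc501625425514cdcf7590825a8ca41346d7c6592c3",
    "sha512": "81546df0a5324df5bcfaf08706ef8a9bac742657c0dc50515d2d43231192d58a"
              "b41e98cee30fe41b9ee2d44a018c8994e102635fb1599531124be41bbef5b560",
}

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_c2(entries):
    """Split 'host:port' into (host, port); hostnames are lowercased."""
    parsed = []
    for entry in entries:
        host, sep, port = entry.rpartition(":")
        if not sep or not port.isdigit():
            raise ValueError(f"malformed C2 entry: {entry!r}")
        parsed.append((host.lower().rstrip("."), int(port)))
    return parsed


def host_matches(name, c2_host):
    """True for the C2 host itself or a subdomain of it; a bare suffix
    match (e.g. 'notar.undata.cc' against 'ar.undata.cc') is rejected."""
    name = name.lower().rstrip(".")
    return name == c2_host or name.endswith("." + c2_host)


def parse_line(line):
    """Parse a constructed 'ts event k=v k=v' log line into a dict."""
    parts = line.split(None, 2)
    if len(parts) < 3:
        return None
    rec = {"ts": parts[0], "event": parts[1]}
    rec.update((k, v.strip('"')) for k, v in _KV.findall(parts[2]))
    return rec


def scan_logs(lines, c2_entries=C2_ENTRIES):
    """Return (line_no, reason) for DNS lookups of a C2 host and for
    connections whose recorded destination host and port match a C2 entry."""
    c2 = parse_c2(c2_entries)
    hits = []
    for n, line in enumerate(lines, 1):
        rec = parse_line(line)
        if not rec:
            continue
        if rec["event"] == "dns":
            for host, _ in c2:
                if host_matches(rec.get("query", ""), host):
                    hits.append((n, f"dns query for {FAMILY} C2 {host}"))
        elif rec["event"] == "conn":
            for host, port in c2:
                if (host_matches(rec.get("dsthost", ""), host)
                        and rec.get("dport", "").isdigit()
                        and int(rec["dport"]) == port):
                    hits.append((n, f"connection to {FAMILY} C2 {host}:{port}"))
    return hits


def fingerprint(data):
    """Hex digests of a byte string under every algorithm in SAMPLE_HASHES."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in SAMPLE_HASHES}


def matches_sample(digests):
    """Algorithms under which `digests` equals the report's sample hashes."""
    return {alg for alg, h in SAMPLE_HASHES.items() if digests.get(alg) == h}


# Constructed sample log lines (not real telemetry).
SAMPLE_LOG = [
    "2023-08-14T12:00:01Z dns src=10.0.0.5 query=ar1.undata.cc type=A",
    "2023-08-14T12:00:02Z conn src=10.0.0.5 dsthost=ar1.undata.cc dport=5320 proto=tcp",
    "2023-08-14T12:00:03Z dns src=10.0.0.7 query=www.example.com type=A",
    "2023-08-14T12:00:04Z conn src=10.0.0.7 dsthost=undata.cc dport=5320 proto=tcp",
    "2023-08-14T12:00:05Z conn src=10.0.0.9 dsthost=ar.undata.cc dport=443 proto=tcp",
]

if __name__ == "__main__":
    for n, why in scan_logs(SAMPLE_LOG):
        print(f"line {n}: {why}")
    print("matches sample:", matches_sample(fingerprint(b"")) or "none")
```

Two caveats when using this against real data: the report names hostnames, not IP addresses, so connection logs that record only the destination IP need a passive-DNS or resolver-log pivot before they can be matched, and port 5320 on its own is far too weak to alert on. Only the hostname match (or a hash match on a file) should page anyone.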

Targets

    • Target

      tmp

    • Size

      3.9MB

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created with a parent other than the process that actually spawned it (parent PID spoofing). Process-tree analysis that trusts the recorded parent will not tie the child back to the dropper.

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

      Rewriting the register context of another thread is a primitive used for process hollowing and thread hijacking, where a benign host process ends up running injected code.

MITRE ATT&CK Enterprise v15
