General

  • Target

    NEAS.640ef9afce45a61a02970462b829bf37a845948c17d72577dc70c1c21aa55b23.url

  • Size

    204B

  • Sample

    231117-t4rafaba85

  • MD5

    9125bafd876eda003abefbcfd3280900

  • SHA1

    5d045bdedaae6242de78f8a89fceca748f279a0d

  • SHA256

    640ef9afce45a61a02970462b829bf37a845948c17d72577dc70c1c21aa55b23

  • SHA512

    69df286a83a636dbdaf9a2b0e4b30ff8b716245244f475ee945f498aadd37d5cab9edef3e1a73710d46eb4b36e99daa39bb4201b26ae149eff63896aead13111

Score
10/10

Malware Config

Extracted

Family

systembc

C2

62.173.140.37:4001

Targets

    • Target

      NEAS.640ef9afce45a61a02970462b829bf37a845948c17d72577dc70c1c21aa55b23.url

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
