General

  • Target

    NEAS.fb8fc294dfeda915ae10f066eb3b85abdf47ca7f91cd94c60429b43177887cbd.url

  • Size

    204B

  • Sample

    231117-tp1wbsag89

  • MD5

    e718f6d076309ffcbfa8515db1df0b6f

  • SHA1

    98c15c2ed94cdab0915f56daa334f35b6aeb5a45

  • SHA256

    fb8fc294dfeda915ae10f066eb3b85abdf47ca7f91cd94c60429b43177887cbd

  • SHA512

    83f3fdb15331273c0e50847ace2d1f3828a8923492f874a1b9337d8525dfc44f44b980bb0527858cc06febd7f3859ed7f3571f9c3259b577770203080066e2f5

Score
10/10

Malware Config

Extracted

Family

systembc

C2

62.173.140.37:4001

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
