General

  • Target

    NEAS.e388ae91a8cdc3ae144f1b861aa4dd3168a4a091e74871874221fa69424f10e9.url

  • Size

    204B

  • Sample

    231117-vwk9wsbf57

  • MD5

    357d521672b45d44bcc584f2fe4f0592

  • SHA1

    c8d47e89f1317615b6135d5ce2cb2e784528d437

  • SHA256

    e388ae91a8cdc3ae144f1b861aa4dd3168a4a091e74871874221fa69424f10e9

  • SHA512

    b3eb93c20080c2f8d431aaa11dbe93570b34c84a57eeabfe71a0101c674695b352b741e0e5dd1e2f08d14673804cc28254ebfebc8e25390c2b616e57ac9a244a

Score
10/10

Malware Config

Extracted

Family

systembc

C2

62.173.140.37:4001

Targets

    • Target

      NEAS.e388ae91a8cdc3ae144f1b861aa4dd3168a4a091e74871874221fa69424f10e9.url

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
