General

  • Target

    rete.vhd

  • Size

    6.0MB

  • Sample

    231120-qcmamaha4s

  • MD5

    6f5d21f39b19710ac75e75c83fd979cb

  • SHA1

    e928f581384dcd8dfeab2c63773fc560652e1794

  • SHA256

    4dec34cce9bd330ba704371a77a14b742603c64e633b50ee4158ea55129e42f9

  • SHA512

    fb915bf394690d4181e0cbc4803dd4df9ae3092b313b6ebf4a93c58f1d2d6aa8f461a917c7d09a5d3cdbbafab1b6c628ff678124be8b084725468c810bea4b6f

  • SSDEEP

    49152:J8JYy3JDtzkvlpYbBTKPiD+Mmp5T+w+X7gJhHcnsZ9Uwg5bGz:eJY2DtzrbtKPiD+MmTTf67gHlUB5b

Score
10/10

Malware Config

Extracted

Family

systembc

C2

62.173.140.37:4001

Targets

    • Target

      Agenzia_Entrate.url

    • Size

      204B

    • MD5

      111a51917160126faf0de997749c4a84

    • SHA1

      4b872bf6d21caa3e3c56b380ddf0f7accb3343de

    • SHA256

      3c18e64435871f8e9fd9c1d379f6cb76f4a5e8c5734386ff9ae10e35fb666112

    • SHA512

      c127498748011824f160e251335414471f28e74218f6d7a4850c4e470e3147741a0ec623a695e8b55f84410c826fd39fd82a86ce37dca0771493fb47f114ec6c

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks