General

  • Target

    entrate.vhd

  • Size

    6.0MB

  • Sample

    231120-qetgqaha5v

  • MD5

    ddc85ed323ac6649d7c37aed4820c092

  • SHA1

    bca10ed3b5186ae3a3aedf83e63fe8f0e66144dd

  • SHA256

    22fcf360cea1149c89404bc89a2035e984b72c670d0051c50facf8e09e5133d2

  • SHA512

    4713b2e12876d15c132a8b67cac842d1180fe8753873a8aa13bd9e0a1325cf387c4f1e6b7d50d376911e1804a602bab2d573af9b00c2734d459f3fe48a09679a

  • SSDEEP

    49152:V8JYy3j5T+w+X7gJhHcnsZ9UwgV+UjgaebGz:KJYwTf67gHlUBV65b

Score
10/10

Malware Config

Extracted

Family

systembc

C2

62.173.140.37:4001

Targets

    • Target

      Agenzia.url

    • Size

      204B

    • MD5

      3bed3fb03b12000c17c2f1fdfb6befe1

    • SHA1

      36e60975b967f852f5ed31788e480336f5ce3ac3

    • SHA256

      522f6cd72ee97eb4d00c2b3ef4c93c4f3396f3c6c8f85dd58655a0edcd0b865d

    • SHA512

      b4bd6905634f6a64098fada9af984a5d97616eeabcaf0a482363ea759232dd4e887f4f0e854faf2366308a00d2ff292aab759bdfba8424d62b7869ba94e5a793

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that gates execution on the victim's region.

    • Loads dropped DLL
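As an added example (not part of the sandbox report, and not code from the sample or from the sandbox vendor), the script below turns the indicators listed above into a detection check: the file hashes for entrate.vhd and Agenzia.url and the extracted SystemBC C2 62.173.140.37:4001 are matched against a few constructed Sysmon-style JSON events. The event format and field names (EventID, Image, DestinationIp, DestinationPort, Hashes, TargetFilename) are an assumption for illustration; only the hashes and the C2 come from the report. A `verify_hashes` helper is included for the case where the sample itself is available.

```python
# Added example, not part of the sandbox report above. The IOCs (hashes, C2)
# are copied from the report; the log format and field names are assumed.
import hashlib
import json
from typing import Dict, Iterable, List

# File hashes copied from the report, lower-cased for comparison.
FILE_IOCS: Dict[str, Dict[str, str]] = {
    "entrate.vhd": {
        "md5": "ddc85ed323ac6649d7c37aed4820c092",
        "sha1": "bca10ed3b5186ae3a3aedf83e63fe8f0e66144dd",
        "sha256": "22fcf360cea1149c89404bc89a2035e984b72c670d0051c50facf8e09e5133d2",
    },
    "Agenzia.url": {
        "md5": "3bed3fb03b12000c17c2f1fdfb6befe1",
        "sha1": "36e60975b967f852f5ed31788e480336f5ce3ac3",
        "sha256": "522f6cd72ee97eb4d00c2b3ef4c93c4f3396f3c6c8f85dd58655a0edcd0b865d",
    },
}
# SystemBC C2 extracted by the sandbox (from the report).
C2_IP, C2_PORT = "62.173.140.37", 4001

# Index hash value -> (file name, algorithm) so any algorithm in a log line can hit.
HASH_INDEX = {
    value: (name, algo)
    for name, hashes in FILE_IOCS.items()
    for algo, value in hashes.items()
}


def parse_sysmon_hashes(field: str) -> Dict[str, str]:
    """Split a Sysmon-style 'Hashes' field like 'MD5=..,SHA256=..' into {algo: hex}."""
    out: Dict[str, str] = {}
    for part in field.split(","):
        algo, _, value = part.partition("=")
        if value:
            out[algo.strip().lower()] = value.strip().lower()
    return out


def match_event(event: dict) -> List[dict]:
    """Return one alert per IOC the event matches (empty list if none)."""
    alerts: List[dict] = []
    if event.get("EventID") == 3:  # network connection event (assumed field names)
        if (event.get("DestinationIp") == C2_IP
                and int(event.get("DestinationPort", 0)) == C2_PORT):
            alerts.append({"ioc": f"{C2_IP}:{C2_PORT}", "kind": "systembc_c2",
                           "image": event.get("Image")})
    if "Hashes" in event:  # file-create style events carrying hashes
        for value in parse_sysmon_hashes(event["Hashes"]).values():
            if value in HASH_INDEX:
                name, _ = HASH_INDEX[value]
                alerts.append({"ioc": value, "kind": f"known_file:{name}",
                               "path": event.get("TargetFilename")})
                break  # one alert per event is enough
    return alerts


def scan_log(lines: Iterable[str]) -> List[dict]:
    """Run match_event over JSON lines, skipping blank and malformed rows."""
    alerts: List[dict] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alerts.extend(match_event(event))
    return alerts


def verify_hashes(data: bytes, expected: Dict[str, str]) -> Dict[str, bool]:
    """Check a file's bytes against the report's hashes, per algorithm."""
    return {algo: hashlib.new(algo, data).hexdigest() == value.lower()
            for algo, value in expected.items()}


# Constructed sample events (not real telemetry). Forward slashes are used to
# avoid JSON escaping noise; real Windows paths use backslashes.
SAMPLE_LOG = """
{"EventID": 3, "Image": "C:/Windows/System32/rundll32.exe", "DestinationIp": "62.173.140.37", "DestinationPort": 4001}
{"EventID": 3, "Image": "C:/Program Files/Mozilla Firefox/firefox.exe", "DestinationIp": "142.250.74.78", "DestinationPort": 443}
{"EventID": 15, "TargetFilename": "C:/Users/u/Downloads/entrate.vhd", "Hashes": "SHA256=22FCF360CEA1149C89404BC89A2035E984B72C670D0051C50FACF8E09E5133D2"}
{"EventID": 11, "TargetFilename": "E:/Agenzia.url", "Hashes": "MD5=3BED3FB03B12000C17C2F1FDFB6BEFE1,SHA1=36E60975B967F852F5ED31788E480336F5CE3AC3"}
not json
"""

if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run as-is it flags the rundll32 connection to the C2 and both file hashes while ignoring the benign browser connection and the malformed row. To check a real copy of the sample, pass its bytes and the report's hash set to `verify_hashes`; a port-only or IP-only match is deliberately not alerted on, since SystemBC C2 addresses and ports vary between builds.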

MITRE ATT&CK Enterprise v15

Tasks