General

  • Target

    rete.zip

  • Size

    1.6MB

  • Sample

    231120-qgndgsha61

  • MD5

    77be796a24d4265164ab8e391b890429

  • SHA1

    99cf95904d3dd39f5a0d61499eaeaa73bb93ed65

  • SHA256

    ffa38121ce884376872a6ee925945e2c7ae39ecedd04ba3c52938d6241956456

  • SHA512

    089fdda2b3bb5846673aa5bd07a55b46d6915ddd842ab1b5ca76f03b745f3dfe9402eed4f7489ceff869c9042c1543d48be3a682fe69bc31e2f37f928da0b731

  • SSDEEP

    49152:NB6C/Z5l1ERoHYtU3hSHjnJlILHGWsy3Sr0:b/dqRo4K3AHrJlIbpZSr0

Score
10/10

Malware Config

Extracted

Family

systembc

C2

62.173.140.37:4001

Targets

    • Target

      Agenzia_Entrate.url

    • Size

      204B

    • MD5

      111a51917160126faf0de997749c4a84

    • SHA1

      4b872bf6d21caa3e3c56b380ddf0f7accb3343de

    • SHA256

      3c18e64435871f8e9fd9c1d379f6cb76f4a5e8c5734386ff9ae10e35fb666112

    • SHA512

      c127498748011824f160e251335414471f28e74218f6d7a4850c4e470e3147741a0ec623a695e8b55f84410c826fd39fd82a86ce37dca0771493fb47f114ec6c

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks