General

  • Target: entrate.zip
  • Size: 1.3MB
  • Sample: 231120-qgrqxagb45
  • MD5: 30533b832f1a3b68cd40f5656be04c33
  • SHA1: 0c7c8db458c23add3d8eb107592052c1764516b9
  • SHA256: 95943a0a35a08fa88362f9562c6c9bddfa9894cfac9085e2f3de9f7dc9bb1de8
  • SHA512: 3242755d0a739a56a9ab993335168268e450a8674a849d249aabb226a2e68db2258507ae393dc3cc94bc0448ac869bcda84ae18624e81f61d8029d17015ea37a
  • SSDEEP: 24576:TCm4dsyAwxjK9kh1lgPY38Pw7gGlrsfwnxQLube+SJeBnB2ejN8EJ1:TedxfxjK4I8UWgksfKzSJeBB2ejNV1

Score: 10/10

Malware Config

Extracted

  • Family: systembc
  • C2: 62.173.140.37:4001

Targets

    • Target: Agenzia.url
    • Size: 204B
    • MD5: 3bed3fb03b12000c17c2f1fdfb6befe1
    • SHA1: 36e60975b967f852f5ed31788e480336f5ce3ac3
    • SHA256: 522f6cd72ee97eb4d00c2b3ef4c93c4f3396f3c6c8f85dd58655a0edcd0b865d
    • SHA512: b4bd6905634f6a64098fada9af984a5d97616eeabcaf0a482363ea759232dd4e887f4f0e854faf2366308a00d2ff292aab759bdfba8424d62b7869ba94e5a793

    Score: 10/10

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks