General

  • Target: 96A3EA4BC09BBA5437EF00C758924CAE.exe
  • Size: 458KB
  • Sample: 231209-wcllzshgbl
  • MD5: 96a3ea4bc09bba5437ef00c758924cae
  • SHA1: 0154b6d842f48eb715e11856d3c7f5e92dba9384
  • SHA256: 5ff19009b6f29952af3ad9e7edf22377abbdca476b9bb945f1b3b057c8b84e3a
  • SHA512: 54cfb4dbffb1e0e0ccdd619af6521f353ee76f92b13557f1a0f521b8e0198637924a3168ec86b8b447070bd50b1d5af0c0a0c6d2ac4c4ca977e3a95459b837ab
  • SSDEEP: 6144:tk5byxHPnZaCHWWjjnnhUNeX0BmHbHTLNMT9wRUMXFLpmEJyMQxVGGGGGGGGHGG3:5xvnZaCHW+nhUNQSwbHFMx0UQtx2b

Malware Config

Extracted

  • Family: systembc
  • C2: wprogs.top:4001, leadsoftware.top:4001

Targets


    • SystemBC: SystemBC is a proxy and remote administration tool first seen in 2019.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks