Resubmissions

11-12-2023 02:33

231211-c2b93aagbr 10

General

  • Target: 96a3ea4bc09bba5437ef00c758924cae.bin
  • Size: 316KB
  • Sample: 231211-c2b93aagbr
  • MD5: 405129e6572773e75f12b8763d59cdf7
  • SHA1: b66ea7b0dfd0f9b03bc640bc25e609fdacb427c3
  • SHA256: 96898e290b9cb99d4ca91f17d0d3f32903f1834ae1e3f025186e050c4f2e4e18
  • SHA512: 8cc4f0d2aa42fee363bd806be772b23ffc61534638ae9ac84a6f38b6d02fa16c591029caa889c7656c7632ca571444314e73f22239e04b7d6f56e7bf381da549
  • SSDEEP: 6144:GX5No2SyuTuiVeu61ulKrgDfZ88pztjcWWMfAPDDh2hbFEO:GX5NbuKiAmogLZ8CzmAYPJ2sO

Malware Config

Extracted

  • Family: systembc
  • C2: wprogs.top:4001
  • C2: leadsoftware.top:4001

Targets

    • Target: 5ff19009b6f29952af3ad9e7edf22377abbdca476b9bb945f1b3b057c8b84e3a.exe
    • Size: 458KB
    • MD5: 96a3ea4bc09bba5437ef00c758924cae
    • SHA1: 0154b6d842f48eb715e11856d3c7f5e92dba9384
    • SHA256: 5ff19009b6f29952af3ad9e7edf22377abbdca476b9bb945f1b3b057c8b84e3a
    • SHA512: 54cfb4dbffb1e0e0ccdd619af6521f353ee76f92b13557f1a0f521b8e0198637924a3168ec86b8b447070bd50b1d5af0c0a0c6d2ac4c4ca977e3a95459b837ab
    • SSDEEP: 6144:tk5byxHPnZaCHWWjjnnhUNeX0BmHbHTLNMT9wRUMXFLpmEJyMQxVGGGGGGGGHGG3:5xvnZaCHW+nhUNQSwbHFMx0UQtx2b

    Signatures

    • SystemBC: SystemBC is a proxy and remote administration tool first seen in 2019.
    • Adds Run key to start application
    • Suspicious use of SetThreadContext
