General

  • Target

    70bdc622d4ecb4da6eb1d3a5f98652ab

  • Size

    90KB

  • Sample

    231219-wldyhabgf5

  • MD5

    70bdc622d4ecb4da6eb1d3a5f98652ab

  • SHA1

    6be9177289178f1799ca1241a35e94d24089148e

  • SHA256

    f82516c78483b315b21307bcbecd66273dfa1963f3ffa9d2609df6341e00a95e

  • SHA512

    f04a3df175241f72c85c6eb4e447aebb8f8832d09327c9f80a661e318cb265bc7b7a0490575f9c80e3142e493fc95588d7cca4e4c230ce09b93ab535a6e66c39

  • SSDEEP

    1536:804f1SMHjZ0k/tB1g//I0DuoxbxAHscmbiMKoEYP34B53FgAMKgNqpdcLc:ef1BDZ0kVB67Duw9AMcmbiMEeIb3PFgK

Score
10/10

Malware Config

Extracted

Family

systembc

C2

80.85.84.79:4001

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks