General

  • Target: 90cfe0ef71e872618262229519f6a6c7
  • Size: 139KB
  • Sample: 231219-y1t95secg6
  • MD5: 90cfe0ef71e872618262229519f6a6c7
  • SHA1: 245565b890c9f721f91a994575b993f712ad72ed
  • SHA256: aee9d6522dc07d7e4454fb98190fdbe1befecd8dfc1ed0cec07dc59509100d9a
  • SHA512: 60fcfe7f4232b9a7200539b6724de659460ee0231c0fc090db691e3735fd03b976b7e76687b0c7e6e2aba36ebe450ee1ed06f1c06171b3d8e371b610ccbd1ad8
  • SSDEEP: 3072:8MshuDzxveNuCRcoMSJ+yQ/wZcBMETlee:8GINirI+FYc9xee

Score: 10/10

Malware Config

Extracted

Family

systembc

C2

pzlkxadvert475.xyz:4044

pzfdmserv275.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks