General

  • Target

    08c751edec7a3ae530ac34bd90e31445

  • Size

    32KB

  • Sample

    231221-ztfc3seedl

  • MD5

    08c751edec7a3ae530ac34bd90e31445

  • SHA1

    13dace12ba3b0c2733fd9a5c041e469627b4cffc

  • SHA256

    d7d2a183cb22b8327d1a46c2c5d13f45a488234fd51fa4b355b6b53144495db8

  • SHA512

    44e5d2f1bf28ce7fb21dff8ce92e34e34c74c7edb4ba8e6c809c2fe1d5134c97ecc84291367ce496dd4047d78a26bb70007c3be4b61a1b24ce966807d46bfd67

  • SSDEEP

    768:uZ+k6/WHzIyee1F0dPiXpwJo8eyhoJD3u3L3GG9:kG4zIyeGuIGC8eyhoB+b

Score
10/10

Malware Config

Extracted

Family

systembc

C2

80.85.84.79:4001

Targets

    • Target

      08c751edec7a3ae530ac34bd90e31445

    • Size

      32KB

    • MD5

      08c751edec7a3ae530ac34bd90e31445

    • SHA1

      13dace12ba3b0c2733fd9a5c041e469627b4cffc

    • SHA256

      d7d2a183cb22b8327d1a46c2c5d13f45a488234fd51fa4b355b6b53144495db8

    • SHA512

      44e5d2f1bf28ce7fb21dff8ce92e34e34c74c7edb4ba8e6c809c2fe1d5134c97ecc84291367ce496dd4047d78a26bb70007c3be4b61a1b24ce966807d46bfd67

    • SSDEEP

      768:uZ+k6/WHzIyee1F0dPiXpwJo8eyhoJD3u3L3GG9:kG4zIyeGuIGC8eyhoB+b

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15