Resubmissions

  • 13-04-2024 09:24    240413-ldke7sfe9s    10
  • 13-04-2024 09:21    240413-lbhhtsfe8v    10
  • 13-04-2024 09:21    240413-lbef6sfe8t    10
  • 13-04-2024 09:21    240413-lbd6eafe8s    10
  • 13-04-2024 09:21    240413-lbdvmsfe71    10
  • 09-04-2024 08:13    240409-j4mxxaad33    10
  • 09-04-2024 08:13    240409-j4ml5sad32    10
  • 09-04-2024 08:13    240409-j4l1lsad29    10
  • 09-04-2024 08:13    240409-j4lpvaad28    10

General

  • Target

    c68035aabbe9b80ace209290aa28b8108cbb03a9d6a6301eb9a8d638db024ad0.bin.sample.gz

  • Size

    133KB

  • Sample

    240409-j4mxxaad33

  • MD5

    72558c562321ff3be1c244f3145a7af3

  • SHA1

    0a2c57a2ae805ace3b6b0d5155282f9dd1f58daf

  • SHA256

    83accd1cbe7ed2c6db27dcc000e940ab475b40dec95847779cc47905aaa909ea

  • SHA512

    bb56fa201059036512c923392e39c3c5cad9c4eeed057ffd44d3f74d3c75b9cdbfe69a2e16c8a5beff046bb9f263d5eb280b0b9725c06777aafc310043e47e7b

  • SSDEEP

    3072:sVQav9ifTQvu1IgH9JotpvmQwB5qy0cyV0kyDAp:atvaMvLiotpvjOEyL403s

Malware Config

Extracted

Family

systembc

C2

admex175x.xyz:4044

servx278x.xyz:4044

Targets

    • Target

      sample

    • Size

      171KB

    • MD5

      8e3a80163ebba090c69ecdeec8860c8b

    • SHA1

      3beb3fdd46f78d54c19f5d66f46172d6f5cde830

    • SHA256

      c68035aabbe9b80ace209290aa28b8108cbb03a9d6a6301eb9a8d638db024ad0

    • SHA512

      fe327e9f59d87f333ec0b2fcae916f41af8e5df5edaa2a2085e7998f3903746ad7de8b891f553b81d44ee49098de3105fae24e380c540b50c78a96ffc859da03

    • SSDEEP

      3072:PGq7Cm2r13QuGGz7qr+qf8v0knEyc9TXA2J:Pj7jmGqqrlfGDcfJ

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Contacts a large (643) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks