Overview

overview

10

Static

static

7

3e58382005...b1.exe

windows7-x64

10

3e58382005...b1.exe

windows10-1703-x64

10

3e58382005...b1.exe

windows10-2004-x64

10

3e58382005...b1.exe

windows11-21h2-x64

10

out.exe

windows7-x64

3

out.exe

windows10-1703-x64

3

out.exe

windows10-2004-x64

3

out.exe

windows11-21h2-x64

3

Resubmissions

15-04-2024 11:19

240415-nfa1nada96 10

10-04-2024 03:13

240410-dqqhzsfh2w 10

10-04-2024 03:12

240410-dqp78ace62 10

10-04-2024 03:12

240410-dqplpafh2v 10

10-04-2024 03:12

240410-dqpaxsce59 10

22-12-2023 00:59

231222-bb35escaf6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e58382005322606bd6ae12da2f209b1

  • Size

    209KB

  • Sample

    240410-dqplpafh2v

  • MD5

    3e58382005322606bd6ae12da2f209b1

  • SHA1

    0afab0c2514061f3d341f720705e54aad4a4f36e

  • SHA256

    9ab42dd0edbb92405904350c550525878312858405e737c7414025dab5981c80

  • SHA512

    13c8df1f07d1584cc827fcc78b691cac78e7cd95ad0e2578974acb9bd8b0c2770d410d743fdc84ffa4c1a431ebe05772715d6bd57489abb7dc249b43b241c1ee

  • SSDEEP

    6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1UR:cnLh9yn52rpUR5vHuRYpM+R

Score
10/10
systembctrojanupx

Malware Config

Extracted

Family

systembc

C2

yan0212.com:4039

yan0212.net:4039

Targets

    • Target

      3e58382005322606bd6ae12da2f209b1

    • Size

      209KB

    • MD5

      3e58382005322606bd6ae12da2f209b1

    • SHA1

      0afab0c2514061f3d341f720705e54aad4a4f36e

    • SHA256

      9ab42dd0edbb92405904350c550525878312858405e737c7414025dab5981c80

    • SHA512

      13c8df1f07d1584cc827fcc78b691cac78e7cd95ad0e2578974acb9bd8b0c2770d410d743fdc84ffa4c1a431ebe05772715d6bd57489abb7dc249b43b241c1ee

    • SSDEEP

      6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1UR:cnLh9yn52rpUR5vHuRYpM+R

    Score
    10/10
    systembctrojanupx

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

    behavioral1behavioral2behavioral3behavioral4

    • Target

      out.upx

    • Size

      1.0MB

    • MD5

      86b56f37e12c0361800c2dc4a00efaad

    • SHA1

      5a4521d1334b352cfb0abc9ea4c16dba3a683139

    • SHA256

      f55cb3610af39d030231dc72beb53bdfa9f6fe26ff62c72e9af92059ad4b947e

    • SHA512

      e67b7cc98a0fdbcbfa6fc1ece56f8ed25f8bb920e76d1f6bd1e997823220b19ada56a6a99e2e0b60c3ea43053ad4bec9f11b59a8c1cfebae7470a5eff8850a7d

    • SSDEEP

      6144:D9mI/A/bpCQqR5yqL5gbqD8T/ruTEu1U7C711:D9ro/4QqLmqDC/rup+6P

    Score
    3/10
    behavioral5behavioral6behavioral7behavioral8

MITRE ATT&CK Enterprise v15

Tasks