Resubmissions

  • 15/04/2024, 11:22: 240415-ngjdesdb38 10
  • 10/04/2024, 03:15: 240410-dsbgvafh3w 10
  • 10/04/2024, 03:15: 240410-dsawbafh3v 10
  • 10/04/2024, 03:15: 240410-dsakjsce67 10
  • 10/04/2024, 03:15: 240410-dr9y1sfh3t 10
  • 20/12/2023, 16:55: 231220-ve4pxaghel 10

General

  • Target: eed65a59ffc55619d3c144643c7bca78
  • Size: 209KB
  • Sample: 240410-dsawbafh3v
  • MD5: eed65a59ffc55619d3c144643c7bca78
  • SHA1: 85f049718c98b19823674e880b45cc66fc030206
  • SHA256: 804b4844251783c944b1f731776d6588e83e5965cc0cf08bd22de57cb37134d0
  • SHA512: f744d7e69417b13d1faab77b300858fc2e01f18aa400499e7341466d291997f5f54503aa4371838f36b453502619da297f87269c190375dcdbf4084ffc1d34e4
  • SSDEEP: 6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1UU:cnLh9yn52rpUR5vHuRYpM+U

Malware Config

Extracted

  • Family: systembc
  • C2: yan0212.com:4039, yan0212.net:4039

Targets


    • SystemBC: SystemBC is a proxy and remote administration tool first seen in 2019.
    • Contacts a large number (557) of remote hosts: this may indicate a network scan to discover remotely running services.
    • Executes dropped EXE
    • UPX packed file: detects executables packed with UPX or a modified UPX open-source packer.
    • Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
    • Looks up external IP address via web service: uses a legitimate IP lookup service to find the infected system's external IP.
    • Uses Tor communications: malware can proxy its traffic through Tor for more anonymity.
