Resubmissions
15-04-2024 11:37
240415-nrnqwsfg3w 1015-04-2024 11:37
240415-nrmtlafg3v 1015-04-2024 11:37
240415-nrmhtsfg3t 1015-04-2024 11:37
240415-nrlxasdd49 1015-04-2024 11:37
240415-nrlarsdd48 1010-04-2024 05:01
240410-fnxkmadd26 1010-04-2024 05:01
240410-fnpj1sdd25 1010-04-2024 05:01
240410-fnnygsdd24 1010-04-2024 05:01
240410-fnjc1add22 10Analysis
-
max time kernel
142s -
max time network
144s -
platform
windows11-21h2_x64 -
resource
win11-20240412-en -
resource tags
-
submitted
15-04-2024 11:37
General
-
Target
5cacf2b43b8d5578156df066f2181117.exe
-
Size
217KB
-
MD5
5cacf2b43b8d5578156df066f2181117
-
SHA1
7e4e1385713db3e859bdd5ad6b503e7013b37796
-
SHA256
7d17668ad7a09802bbf39bd76093ddb9658d74cffaefc3528463b77573802728
-
SHA512
c7a1e2fafc31d2ce366f5130d28835afdb88f9298fede4121c812f2d5222ff8d855f31e11e54b5b44fbc1d376e16103f0a04794baac62618c72f00aaef6a8142
-
SSDEEP
6144:YkriDRJpv8UfcWtfJOxM3zeKqjrdySHy:YkwRT8ctROxM3z/CrcSHy
Malware Config
Extracted
systembc
advertx15.xyz:4044
spacex17.xyz:4044
Signatures
-
SystemBC
SystemBC is a proxy and remote administration tool first seen in 2019.
-
Executes dropped EXE 1 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in Windows directory 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\5cacf2b43b8d5578156df066f2181117.exe"C:\Users\Admin\AppData\Local\Temp\5cacf2b43b8d5578156df066f2181117.exe"1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
-
C:\ProgramData\bgloqta\sakvofp.exeC:\ProgramData\bgloqta\sakvofp.exe start21⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\ProgramData\bgloqta\sakvofp.exeFilesize
217KB
MD55cacf2b43b8d5578156df066f2181117
SHA17e4e1385713db3e859bdd5ad6b503e7013b37796
SHA2567d17668ad7a09802bbf39bd76093ddb9658d74cffaefc3528463b77573802728
SHA512c7a1e2fafc31d2ce366f5130d28835afdb88f9298fede4121c812f2d5222ff8d855f31e11e54b5b44fbc1d376e16103f0a04794baac62618c72f00aaef6a8142
-
memory/1060-15-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/1060-30-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/1060-29-0x00000000022C0000-0x00000000022F4000-memory.dmpFilesize
208KB
-
memory/1060-27-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/1060-21-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/1060-19-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/1060-17-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/3328-6-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/3328-14-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/3328-7-0x00000000024E0000-0x0000000002514000-memory.dmpFilesize
208KB
-
memory/3328-8-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/3328-0-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/3328-3-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/3328-2-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB
-
memory/3328-1-0x0000000000400000-0x0000000000459000-memory.dmpFilesize
356KB