Resubmissions

  Date                 Sample ID            Score
  15/04/2024, 11:40    240415-ns6yvsdd95    10
  15/04/2024, 11:40    240415-ns6cbsfg6t    10
  15/04/2024, 11:40    240415-ns4thafg6s    10
  15/04/2024, 11:40    240415-ns37zadd92    10
  15/04/2024, 11:40    240415-ns3w7sdd89    10
  10/04/2024, 05:04    240410-fqkzlsge6x    10
  10/04/2024, 05:04    240410-fqkc3sdd33    10
  10/04/2024, 05:04    240410-fqjrjsge6w    10
  10/04/2024, 05:04    240410-fqh51sge6v    10
  02/04/2024, 15:12    240402-slhpxadh7t    10

General

  • Target: 8692ca84b76d38ec5c260265413e4ca2.exe
  • Size: 166KB
  • Sample: 240415-ns6yvsdd95
  • MD5: 8692ca84b76d38ec5c260265413e4ca2
  • SHA1: 04ae6c5ee39ae1f56bae5e91ecaafb7f7cbee5c7
  • SHA256: 000ce16aa593d3de6ee74dc23d0ef231a77383c7545990d32c47f038314d0051
  • SHA512: d4af4f9597d7266a5b9962ceb89a10cc50b7c426fc49682ac50b4c21ae08cf78d015f1ce5cd21b9f54a5591d475ced11195b45bae69ac918a64c910e434a608d
  • SSDEEP: 1536:hy20DImKwSz/7QuIBOIpsqDBYyP3ZVltEOGn5XZg65Wr/E+DSl55J3zQuk0B55ho:hsc5PqfOuPXEHz5WrMJ55J3zXLB55cC

Malware Config

Extracted

  • Family: systembc
  • C2:
      knock0909.monster:4035
      knock0909.xyz:4035

Targets

  • Target: 8692ca84b76d38ec5c260265413e4ca2.exe
  • Size: 166KB
  • MD5: 8692ca84b76d38ec5c260265413e4ca2
  • SHA1: 04ae6c5ee39ae1f56bae5e91ecaafb7f7cbee5c7
  • SHA256: 000ce16aa593d3de6ee74dc23d0ef231a77383c7545990d32c47f038314d0051
  • SHA512: d4af4f9597d7266a5b9962ceb89a10cc50b7c426fc49682ac50b4c21ae08cf78d015f1ce5cd21b9f54a5591d475ced11195b45bae69ac918a64c910e434a608d
  • SSDEEP: 1536:hy20DImKwSz/7QuIBOIpsqDBYyP3ZVltEOGn5XZg65Wr/E+DSl55J3zQuk0B55ho:hsc5PqfOuPXEHz5WrMJ55J3zXLB55cC

  Signatures

  • SystemBC
    SystemBC is a proxy and remote administration tool first seen in 2019.

  • Contacts a large (868) number of remote hosts
    This may indicate a network scan to discover remotely running services.

  • Executes dropped EXE

  • Unexpected DNS network traffic destination
    Network traffic to servers other than the configured DNS servers was detected on the DNS port.

  • Looks up external IP address via web service
    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications
    Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks