Resubmissions

  • 15/04/2024, 11:39 UTC    240415-nshk9sdd73    10
  • 15/04/2024, 11:39 UTC    240415-nshahafg41    10
  • 15/04/2024, 11:39 UTC    240415-nsgnzadd72    10
  • 15/04/2024, 11:39 UTC    240415-nsf3fadd69    10
  • 15/04/2024, 11:39 UTC    240415-nsffxadd68    10
  • 10/04/2024, 05:03 UTC    240410-fpndcadd29    10
  • 10/04/2024, 05:02 UTC    240410-fph4madd28    10
  • 10/04/2024, 05:02 UTC    240410-fphsvsge5z    10
  • 10/04/2024, 05:02 UTC    240410-fphg4age5y    10
  • 08/02/2023, 19:06 UTC    230208-xr3z9aef82    10

General

  • Target

    2579be109c1035cb96942951710020a8.exe

  • Size

    147KB

  • Sample

    240415-nshahafg41

  • MD5

    2579be109c1035cb96942951710020a8

  • SHA1

    6987472967c8ce5e3d5fd6730a9da2964afacd10

  • SHA256

    a0a5ebd512b7685798ac966c0b05415df9eff585a79af11c9ff99d7aa17e2101

  • SHA512

    191ea3d7edc69f1cb9d1ec4967074667c5e1c6b02fdaa8bbc5a4414bf5ca00ccafadc49670c5b3065133915d78e482572545f1d0c8c3382e6a767c1f08a33a21

  • SSDEEP

    3072:9NuSXw/c4JHdNX8PAzCABaxg0r27f8EjQspDNJJAksa:9oSXw/hfNXmAzbYg02Ok
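Before relying on the extracted config below, confirm that the binary in hand is the one the sandbox analysed. The following script is an added example, not code from the sandbox or the report: the digests are copied from the General section above, and the path is whatever you pass on the command line. SSDEEP is left out on purpose, since it needs the third-party `ssdeep` package; the four cryptographic digests are enough to establish identity.

```python
"""Check that a local file is the sample this report describes.

Added example, not sandbox code. The digests are copied from the report's
General section; any file path given on the command line is the caller's.
"""
import hashlib
import sys
from pathlib import Path

REPORT_HASHES = {
    "md5": "2579be109c1035cb96942951710020a8",
    "sha1": "6987472967c8ce5e3d5fd6730a9da2964afacd10",
    "sha256": "a0a5ebd512b7685798ac966c0b05415df9eff585a79af11c9ff99d7aa17e2101",
    "sha512": "191ea3d7edc69f1cb9d1ec4967074667c5e1c6b02fdaa8bbc5a4414bf5ca00ccafadc49670c5b3065133915d78e482572545f1d0c8c3382e6a767c1f08a33a21",
}


def compute_hashes(data: bytes, algorithms=tuple(REPORT_HASHES)) -> dict[str, str]:
    """Hash the bytes with every requested algorithm in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(data: bytes, expected: dict[str, str] = REPORT_HASHES):
    """Return (all_match, mismatches); mismatches maps algorithm -> (expected, actual).

    One mismatching digest is enough to reject the file: the config, C2 and
    behaviour in the report describe exactly this byte sequence and no other.
    """
    actual = compute_hashes(data, tuple(expected))
    mismatches = {
        name: (want.lower(), actual[name])
        for name, want in expected.items()
        if actual[name] != want.lower()
    }
    return (not mismatches, mismatches)


def verify_file(path: str, expected: dict[str, str] = REPORT_HASHES):
    """Hash a file from disk and compare it with the report's digests."""
    return verify_sample(Path(path).read_bytes(), expected)


if __name__ == "__main__":
    ok, bad = verify_file(sys.argv[1])
    if ok:
        print("MATCH: file is the analysed sample")
    else:
        for name, (want, got) in bad.items():
            print(f"MISMATCH {name}: report={want} file={got}")
        sys.exit(1)
```

Run it as `python verify.py 2579be109c1035cb96942951710020a8.exe`; a non-zero exit means the file is not the analysed sample, and the per-algorithm mismatch listing makes a copy-paste error in a single digest easy to spot.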

Malware Config

Extracted

Family

systembc

C2

advertspace10.club:4044

logstat17.club:4044

Targets

    • Target

      2579be109c1035cb96942951710020a8.exe


    • SystemBC

      SystemBC is a SOCKS5 proxy and remote administration tool first seen in 2019.

    • Contacts a large number (737) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX or a modified build of the open-source UPX packer.

    • Unexpected DNS network traffic destination

      Traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP address.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for added anonymity.
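The signatures above are network heuristics, and the same logic can be run over your own connection logs to find this sample, or other SystemBC builds, on the network. The script below is an added example, not the sandbox's code: the C2 hosts and port come from the extracted config, while the resolver list, the IP-lookup services, the relay set, the host-count threshold and the log format are assumptions made for the example (a real deployment would load them from the host's resolver settings, a threat-intel feed and the current Tor consensus).

```python
"""Re-run the report's network heuristics over a connection log.

Added example, not code from the sandbox or the report. C2_HOSTS and
C2_PORT are from the extracted config; everything else is assumed.
"""
from collections import defaultdict
from dataclasses import dataclass

C2_HOSTS = {"advertspace10.club", "logstat17.club"}   # from the extracted config
C2_PORT = 4044                                         # from the extracted config

# Assumed environment facts for this example only.
CONFIGURED_DNS = {"8.8.8.8", "1.1.1.1"}
IP_LOOKUP_SERVICES = {"api.ipify.org", "icanhazip.com", "ifconfig.me"}
TOR_RELAYS = {"203.0.113.7"}          # constructed: a documentation-range address
HOST_COUNT_THRESHOLD = 100            # assumed; the sandbox's cut-off is not stated


@dataclass(frozen=True)
class Conn:
    pid: int
    proto: str
    dst: str
    port: int


def parse_log(text: str) -> list[Conn]:
    """Parse constructed lines of the form 'pid=1 proto=tcp dst=host port=443'."""
    conns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        kv = dict(field.split("=", 1) for field in line.split())
        conns.append(Conn(int(kv["pid"]), kv["proto"], kv["dst"], int(kv["port"])))
    return conns


def evaluate(conns: list[Conn]) -> dict[str, set[str]]:
    """Return {signature name: evidence} for every heuristic that fires."""
    hits: dict[str, set[str]] = defaultdict(set)
    hosts_per_pid: dict[int, set[str]] = defaultdict(set)
    for c in conns:
        hosts_per_pid[c.pid].add(c.dst)
        if c.dst in C2_HOSTS and c.port == C2_PORT:
            hits["SystemBC C2 contact"].add(c.dst)
        # Report wording: traffic on the DNS port to non-configured resolvers.
        if c.port == 53 and c.dst not in CONFIGURED_DNS:
            hits["Unexpected DNS network traffic destination"].add(c.dst)
        if c.dst in IP_LOOKUP_SERVICES:
            hits["Looks up external IP address via web service"].add(c.dst)
        if c.dst in TOR_RELAYS:
            hits["Uses Tor communications"].add(c.dst)
    # Report wording: many distinct remote hosts suggests a scan.
    for pid, hosts in hosts_per_pid.items():
        if len(hosts) >= HOST_COUNT_THRESHOLD:
            hits["Contacts a large number of remote hosts"].add(f"pid {pid}: {len(hosts)} hosts")
    return dict(hits)


def build_sample_log() -> str:
    """Constructed log: one process reproducing every behaviour the report lists."""
    lines = [
        "pid=4100 proto=tcp dst=advertspace10.club port=4044",
        "pid=4100 proto=tcp dst=logstat17.club port=4044",
        "pid=4100 proto=udp dst=9.9.9.9 port=53",       # resolver not in CONFIGURED_DNS
        "pid=4100 proto=udp dst=8.8.8.8 port=53",       # configured resolver: no hit
        "pid=4100 proto=tcp dst=api.ipify.org port=80",
        "pid=4100 proto=tcp dst=203.0.113.7 port=443",  # the constructed relay
    ]
    # 120 distinct SMB targets in one /24 to trip the host-count heuristic.
    lines += [f"pid=4100 proto=tcp dst=10.0.0.{i} port=445" for i in range(120)]
    return "\n".join(lines)


if __name__ == "__main__":
    for name, evidence in evaluate(parse_log(build_sample_log())).items():
        print(f"{name}: {sorted(evidence)[:5]}")
```

Two caveats when moving this onto real telemetry: connection records usually carry the resolved IP rather than the hostname, so match the C2 names against DNS query logs and the answered addresses against the connection log; and the host-count threshold should be tuned per role, since a vulnerability scanner or a backup server will legitimately exceed any fixed number.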

MITRE ATT&CK Enterprise v15
