Resubmissions

17-04-2024 09:26    240417-lee7waah53    10
17-04-2024 09:26    240417-leddaaah47    10
17-04-2024 09:26    240417-lec3hsce2w    10
17-04-2024 09:26    240417-lecfzsce2v    10
17-04-2024 09:26    240417-lebvfsah45    10
16-04-2024 13:38    240416-qxqhsada21    10

General

  • Target

    7c05833514baa8de4f997a7fcb04096316f2fb44d77fcc0951bb50adbf8d58f5

  • Size

    1.0MB

  • Sample

    240417-lec3hsce2w

  • MD5

    0a286d2f6060a92d15ddfd03063a1486

  • SHA1

    172ae7b2059b420c463daf8ca58a55d8ab500d5c

  • SHA256

    7c05833514baa8de4f997a7fcb04096316f2fb44d77fcc0951bb50adbf8d58f5

  • SHA512

    bdcccaf8f7636bb54d74d1a1ead3288234a787c3b6d9c3d96e3584fc520088c97c98130e8fe030a1ee9551376b270f0ee5c6e53dd44581850e73abc9493d4cc7

  • SSDEEP

    6144:X9mI/A/bpCQqR5yqL5pbqD8T/ruThC711qC711Q:X9ro/4QqLrqDC/ru8PDPQ

Malware Config

Extracted

Family

systembc

C2

yan0212.com:4039

yan0212.net:4039

Targets

    • Target

      7c05833514baa8de4f997a7fcb04096316f2fb44d77fcc0951bb50adbf8d58f5

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Contacts a large (610) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Network traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Matrix ATT&CK v13

Discovery: Network Service Discovery, T1046 (1)

Command and Control: Proxy, T1090 (1)

Tasks