Extracted

• • Target

    722aff7500dfce8737389cef11282becce37827df3ca9069b68bac66efb02287

  • Size

    856KB

  • MD5

    f7d59f44fee4981011624cfad18f5337

  • SHA1

    db1cb01bfb123b2f5fb1240d57f263573d90433f

  • SHA256

    722aff7500dfce8737389cef11282becce37827df3ca9069b68bac66efb02287

  • SHA512

    633774cda15ad084b8aa6cdde1783450c3bafdfb744cf3e79066632e785261f93e520b5a0f346623727f2158f562b691ab16b0e55bc209f364414843df929965

  • SSDEEP

    1536:ysXQ0yVN2gV0GnoX1kPYqwtFUNn0WJWsa9tjUQukOVRct3Z3zAtp:xQX2gV1lwqaFFF9tjUXfVRo

  Score

  10^/10

  systembctrojandiscovery

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Contacts a large (589) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Executes dropped EXE

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications

    Malware can proxy its traffic through Tor for more anonymity.

  behavioral1behavioral2behavioral3behavioral4behavioral5