Resubmissions

  07-05-2024 12:39  240507-pvlldaga51  10
  07-05-2024 12:38  240507-pvh59aaf49  10
  07-05-2024 12:38  240507-pvf1wsga5w  10
  07-05-2024 12:38  240507-pvfecsga5s  10
  07-05-2024 12:38  240507-pvd7asaf44  10
  25-04-2024 12:54  240425-p5ektaah3x  10

General

  • Target: 0b0466996b77c223295a05899525df93489cfda27c7c95b78bec4c6a595629d5
  • Size: 30KB
  • Sample: 240507-pvh59aaf49
  • MD5: 87968a631411cdf26058e8ae5a0902a5
  • SHA1: a09dc0e8855780430d10811834da6504eb1d72ad
  • SHA256: 0b0466996b77c223295a05899525df93489cfda27c7c95b78bec4c6a595629d5
  • SHA512: 07ce6246217a61085ae0ab7a6fade6429d7d946c4970ce79c1a7e22e1fc5f15949a09a0b04ec5bdc00cfd7bb5b11b6cfc5d8fbc9a3f39875443a1bbe7301644e
  • SSDEEP: 768:4TwkPr8C6fuFdaAna6DCPt34GuYY92rjnPoJlvcaII1:MV8C6fuFdaz6+O1n2rjnPo7

Malware Config

Extracted

  Family: systembc
  C2:
    pzlkxadvert475.xyz:4044
    pzfdmserv275.xyz:4044

Targets

    • Target: 0b0466996b77c223295a05899525df93489cfda27c7c95b78bec4c6a595629d5
    • Size: 30KB
    • MD5: 87968a631411cdf26058e8ae5a0902a5
    • SHA1: a09dc0e8855780430d10811834da6504eb1d72ad
    • SHA256: 0b0466996b77c223295a05899525df93489cfda27c7c95b78bec4c6a595629d5
    • SHA512: 07ce6246217a61085ae0ab7a6fade6429d7d946c4970ce79c1a7e22e1fc5f15949a09a0b04ec5bdc00cfd7bb5b11b6cfc5d8fbc9a3f39875443a1bbe7301644e
    • SSDEEP: 768:4TwkPr8C6fuFdaAna6DCPt34GuYY92rjnPoJlvcaII1:MV8C6fuFdaz6+O1n2rjnPo7

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Contacts a large (639) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Unexpected DNS network traffic destination

      Traffic on the DNS port to servers other than the configured DNS servers was detected.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks