Extracted

• • Target

    c04fb7e860702a4c70586b4b15fb2a12a6821bf0a7e4e95dd8759ca1985c7dd6

  • Size

    30KB

  • MD5

    8f1bc2c9a71086445255730d272a3408

  • SHA1

    7ab7a0e541850c5729d495097e0d7901771dc8b9

  • SHA256

    c04fb7e860702a4c70586b4b15fb2a12a6821bf0a7e4e95dd8759ca1985c7dd6

  • SHA512

    3dbfe018e29f014da1f6df132add029ce888d45ed5e22579c060a0a7b32f335433825c2bc41b96ebaafa2830a38bc45caaf656f6d4da67aea7698fc96a1bd6f0

  • SSDEEP

    768:4TwkPr8C6fuFdaAna6DCPt34GuYY92rjnPoJlzcamI1:MV8C6fuFdaz6+O1n2rjnPo7

  Score

  10^/10

  systembctrojandiscovery

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc

  • Contacts a large (599) amount of remote hosts

    This may indicate a network scan to discover remotely running services.

    discovery

  • Executes dropped EXE

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Uses Tor communications

    Malware can proxy its traffic through Tor for more anonymity.

  behavioral1behavioral2behavioral3behavioral4behavioral5