General

  • Target

    306cc027d7a227d3fcf353f47eea9292c400dfae4063cfdb5b85a37c5978d79c

  • Size

    667KB

  • Sample

    240516-2t6ldacf6x

  • MD5

    e953d58e12762f7283bf62ad9f214dbb

  • SHA1

    e2915c5f414312a3fdc7e5f353de3d3d15cd6a22

  • SHA256

    306cc027d7a227d3fcf353f47eea9292c400dfae4063cfdb5b85a37c5978d79c

  • SHA512

    993f5859da479952cb66fd2f286d3843092a1a7393a66b97ff174178d303d864ba8e10c459a2e68f8b28b0eb9f4ecefc90ac25e251febff21f033ec8aaab8004

  • SSDEEP

    6144:tM0RkR33Bj+4jZr3iXlmGNa/LULvJ5+4weYmKNtgeAUBMmihN:tM0uRvVSVmGULqvJGe32/tk

Malware Config

Extracted

Family

systembc

C2

212.162.153.199:4382

Targets

    • Target

      306cc027d7a227d3fcf353f47eea9292c400dfae4063cfdb5b85a37c5978d79c

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks