General

  • Target

    cac0056b23a93519a5f4e526e52187f37b88373c76aa065b9f895d1ecd4f4169.exe

  • Size

    4.5MB

  • Sample

    240516-b7xmhsfb89

  • MD5

    133fda00a490e613f3a6c511c1c660eb

  • SHA1

    e34f9f1c622a7e6d3cb34217b0935ebdaab8ebe9

  • SHA256

    cac0056b23a93519a5f4e526e52187f37b88373c76aa065b9f895d1ecd4f4169

  • SHA512

    f4dd02b04326e37a3368d9c385b363689f877ae43c16de103efada642f41fe85580939db84a030597e3032d6da407d073af2b64160feec6fe38f37f1b473fffd

  • SSDEEP

    24576:ypPiRcjGOOiX3Sl9L7MupXdagdle6whTeo5A4T9W+xjaCsyfwUmvHX+ODvz8JQDm:

Score
10/10

Malware Config

Extracted

Family

systembc

C2

212.162.153.199:4382

Targets

    • Target

      cac0056b23a93519a5f4e526e52187f37b88373c76aa065b9f895d1ecd4f4169.exe

    • Size

      4.5MB

    • MD5

      133fda00a490e613f3a6c511c1c660eb

    • SHA1

      e34f9f1c622a7e6d3cb34217b0935ebdaab8ebe9

    • SHA256

      cac0056b23a93519a5f4e526e52187f37b88373c76aa065b9f895d1ecd4f4169

    • SHA512

      f4dd02b04326e37a3368d9c385b363689f877ae43c16de103efada642f41fe85580939db84a030597e3032d6da407d073af2b64160feec6fe38f37f1b473fffd

    • SSDEEP

      24576:ypPiRcjGOOiX3Sl9L7MupXdagdle6whTeo5A4T9W+xjaCsyfwUmvHX+ODvz8JQDm:

    Score
    10/10
    • Modifies security service

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks