General

  • Target

    4f61495744ac80a8c5e08eaaf5bd2147_JaffaCakes118

  • Size

    209KB

  • Sample

    240716-v9b85swekh

  • MD5

    4f61495744ac80a8c5e08eaaf5bd2147

  • SHA1

    f53222e9fc525c77f73318cf00743d061cd87ba8

  • SHA256

    f8e9770888bd3545c01053bb8031365eef2b071d0c2c5d89f7a8ead9f74da3fa

  • SHA512

    87cc87fa72f18133325d5b63e77f682636bcac9feb27b716353b402d6dcfc8c9311eeaa0e8d87e12a8fbe0d25e0bb2c58e2ea55c5fbc2f285997e75abd139445

  • SSDEEP

    6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1Uc:cnLh9yn52rpUR5vHuRYpM+c

Score
10/10

Malware Config

Extracted

Family

systembc

C2

yan0212.com:4039

yan0212.net:4039

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.
