Overview

overview

10

Static

static

3

Cbmefxrmnv.exe

windows7-x64

10

Cbmefxrmnv.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Cbmefxrmnv.exe

  • Size

    2.0MB

  • Sample

    240829-s4bdjs1dpj

  • MD5

    170fb4fa36de83de39a9e228f17b0060

  • SHA1

    4a9ee216442b6fc98152fe9e80e763d95caede6c

  • SHA256

    145dbb397089105d6d06a861d62b48be9fd2527fb7d023b114cf05b723cd3858

  • SHA512

    168f389ce7dd0a7feacf6505c1a52a6743900974dd11af86b2e07998817b2021f62dec0b00daffbc212fd51337500fa9ff1d669d708103de2337195db936ee8f

  • SSDEEP

    24576:qM7wJrWiSgXXHgdjvYiKs7KHxGoz8oVWtnq4cPgv07ZNAqbJBO+kLQL3cOEKFHt:r7wJVSoFL3cYFH

Score
10/10
systembcdiscoverypersistencetrojan

Malware Config

Extracted

Family

systembc

C2

claywyaeropumps.com

185.43.220.45
Attributes
  • dns

    5.132.191.104

Targets

    • Target

      Cbmefxrmnv.exe

    • Size

      2.0MB

    • MD5

      170fb4fa36de83de39a9e228f17b0060

    • SHA1

      4a9ee216442b6fc98152fe9e80e763d95caede6c

    • SHA256

      145dbb397089105d6d06a861d62b48be9fd2527fb7d023b114cf05b723cd3858

    • SHA512

      168f389ce7dd0a7feacf6505c1a52a6743900974dd11af86b2e07998817b2021f62dec0b00daffbc212fd51337500fa9ff1d669d708103de2337195db936ee8f

    • SSDEEP

      24576:qM7wJrWiSgXXHgdjvYiKs7KHxGoz8oVWtnq4cPgv07ZNAqbJBO+kLQL3cOEKFHt:r7wJVSoFL3cYFH

    Score
    10/10
    systembcdiscoverypersistencetrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks