General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.28320.7917.exe

  • Size

    893KB

  • Sample

    241019-2cljwavcqj

  • MD5

    6da3ec62800b295f92d268c84f121259

  • SHA1

    4b4dc1a6f67769f726e89afbcc39d23bf38978b8

  • SHA256

    46e0bbdbdffa58d201e3aa377f77d4f85a7704a60042eaf13d5cedf70808e937

  • SHA512

    b788878965c65a89b688a610aed65e51efefe60c0dbd5f21a15ecde39479ca75e614f6d4ee29f0b2d438d1b55418f5b448f46a2e308c8d72b46c5be491188321

  • SSDEEP

    24576:kCNgmMtTCrukMSZvRWDrlU/1TP477WS8Cy1IZVKU1WALQ2k:ymMBCrhMSpRW6tTl5mZ0jALQ

Malware Config

Extracted

Family

systembc

C2

claywyaeropumps.com

178.132.2.10

Attributes
  • dns

    5.132.191.104
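The extracted config gives three network indicators: the C2 hostname, the C2 IP, and the DNS server the implant queries directly (SystemBC carries its own resolver in its config so that C2 resolution bypasses the host's configured DNS). The following is an added example, not part of the sandbox report, that hunts those indicators over Zeek-style dns.log and conn.log records. The log lines are constructed for the example and the corporate-resolver list (10.0.0.53) is a hypothetical placeholder; the hunt also flags, more generally, any host sending DNS to a resolver outside that list, since that is the behaviour a hardcoded resolver produces regardless of the specific IP.

```python
"""Hunt the SystemBC indicators from the extracted config over Zeek-style logs."""
from dataclasses import dataclass

# Indicators taken from the extracted config above.
C2_DOMAINS = {"claywyaeropumps.com"}
C2_IPS = {"178.132.2.10"}
MALWARE_RESOLVERS = {"5.132.191.104"}

# Assumed corporate resolvers (hypothetical; substitute your own).
CORP_RESOLVERS = {"10.0.0.53"}

# Constructed Zeek-style records (tab separated, subset of fields); not from the report.
DNS_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tquery\tanswers
1729296000.1\tCa1\t10.1.2.33\t51234\t10.0.0.53\t53\twww.example.com\t203.0.113.5
1729296005.7\tCa2\t10.1.2.33\t51250\t5.132.191.104\t53\tclaywyaeropumps.com\t178.132.2.10
1729296010.0\tCa3\t10.1.2.40\t51300\t10.0.0.53\t53\tupdates.example.net\t203.0.113.9
"""
CONN_LOG = """\
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1729296005.7\tCa2\t10.1.2.33\t51250\t5.132.191.104\t53\tudp
1729296006.2\tCa4\t10.1.2.33\t51260\t178.132.2.10\t443\ttcp
1729296012.0\tCa5\t10.1.2.40\t51310\t203.0.113.9\t443\ttcp
"""


@dataclass(frozen=True)
class Hit:
    kind: str
    src: str
    detail: str


def _records(text):
    """Yield field lists, skipping Zeek header/comment lines."""
    for line in text.splitlines():
        if line and not line.startswith("#"):
            yield line.split("\t")


def _domain_match(name):
    """Exact or subdomain match against the C2 domains (case-insensitive)."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def scan_dns(text):
    hits = []
    for _ts, _uid, src, _sp, resolver, _dp, query, answers in _records(text):
        if _domain_match(query):
            hits.append(Hit("c2_domain_query", src, f"{query} -> {answers}"))
        if resolver in MALWARE_RESOLVERS:
            hits.append(Hit("malware_resolver", src, f"{query} asked of {resolver}"))
        elif resolver not in CORP_RESOLVERS:
            # Any resolver that is not ours is worth a look: hardcoded resolvers look like this.
            hits.append(Hit("noncorp_resolver", src, f"{query} asked of {resolver}"))
        for ip in answers.split(","):
            if ip in C2_IPS:
                hits.append(Hit("c2_ip_answer", src, f"{query} resolved to {ip}"))
    return hits


def scan_conn(text):
    hits = []
    for _ts, _uid, src, _sp, dst, dport, proto in _records(text):
        if dst in C2_IPS:
            hits.append(Hit("c2_connection", src, f"{proto}/{dport} to {dst}"))
        if dst in MALWARE_RESOLVERS and dport == "53":
            hits.append(Hit("malware_resolver_traffic", src, f"{proto}/53 to {dst}"))
    return hits


def hunt(dns_text=DNS_LOG, conn_text=CONN_LOG):
    """All hits across both logs, sorted by source host then indicator kind."""
    hits = scan_dns(dns_text) + scan_conn(conn_text)
    return sorted(hits, key=lambda h: (h.src, h.kind))


def hosts_of_concern(hits):
    return sorted({h.src for h in hits})


if __name__ == "__main__":
    for h in hunt():
        print(f"{h.src:<12} {h.kind:<26} {h.detail}")
    print("hosts:", hosts_of_concern(hunt()))
```

On the constructed data only 10.1.2.33 trips the indicators, and it does so five times across the two logs: the C2 domain query, the answer carrying the C2 IP, the query sent to the malware's resolver, the UDP/53 flow to that resolver, and the TCP flow to the C2 IP. The DNS hit is the most durable of these, since the domain can be rotated to a new IP without changing the implant's resolver behaviour.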

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.28320.7917.exe

    • Size

      893KB

    • MD5

      6da3ec62800b295f92d268c84f121259

    • SHA1

      4b4dc1a6f67769f726e89afbcc39d23bf38978b8

    • SHA256

      46e0bbdbdffa58d201e3aa377f77d4f85a7704a60042eaf13d5cedf70808e937

    • SHA512

      b788878965c65a89b688a610aed65e51efefe60c0dbd5f21a15ecde39479ca75e614f6d4ee29f0b2d438d1b55418f5b448f46a2e308c8d72b46c5be491188321

    • SSDEEP

      24576:kCNgmMtTCrukMSZvRWDrlU/1TP477WS8Cy1IZVKU1WALQ2k:ymMBCrhMSpRW6tTl5mZ0jALQ

    • Suspicious use of NtCreateUserProcessOtherParentProcess

      A process was created with an explicitly chosen parent (the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute), so the process tree records a parent other than the real creator. This is parent-PID spoofing, used to make the payload appear to have been launched by a trusted process.

    • SystemBC

      SystemBC is a SOCKS5 proxy and backdoor first seen in 2019. It is commonly deployed by ransomware affiliates to tunnel traffic through the victim host and to fetch and run follow-on payloads. The config extracted above holds its C2 endpoints (claywyaeropumps.com, 178.132.2.10) and the DNS server (5.132.191.104) it uses to resolve the C2 instead of the system resolver.

    • Executes dropped EXE

      The sample writes a second executable to disk and launches it.

    • Adds Run key to start application

      Persistence: a value under ...\Microsoft\Windows\CurrentVersion\Run is set to the payload's path so it is relaunched at logon.

    • Suspicious use of SetThreadContext

      The sample rewrites another thread's register context, the usual final step of process hollowing: a process is created suspended, its image is replaced in memory, and the entry point is redirected to the injected code before the thread is resumed.
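The "Adds Run key" and "Executes dropped EXE" signatures together describe a dropped binary in a user-writable location registering itself for autostart. The following is an added example, not part of the sandbox report, that triages Sysmon RegistryEvent (Event ID 13, value set) records for that pattern: a write under a Run/RunOnce key scores higher when the autostart target, or the process performing the write, lives under AppData, Temp, ProgramData, Users\Public or Downloads, and slightly higher again when it lands in a per-user (HKU) hive, which needs no elevation. The three events are constructed for the example; the paths and SID in them are illustrative.

```python
"""Triage Sysmon registry events for Run-key persistence set by a dropped executable."""
import re

# Constructed Sysmon events as a SIEM might export them (Event 13 = RegistryEvent, value set).
# Illustrative records only; not data from the sandbox report.
EVENTS = [
    {"EventID": 13,
     "Image": r"C:\Users\bob\AppData\Local\Temp\svchost32.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\bob\AppData\Roaming\Updater\svchost32.exe"},
    {"EventID": 13,
     "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\VendorAgent",
     "Details": r"C:\Program Files\Vendor\agent.exe"},
    {"EventID": 13,
     "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden",
     "Details": "DWORD (0x00000001)"},
]

# Run and RunOnce under either hive; the key path is case-insensitive on Windows.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Locations a standard user can write to, where dropped payloads usually land.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public|Downloads)\\", re.IGNORECASE)


def score_run_key_event(ev):
    """Return (score, reasons) for one event; score 0 means it is not a Run-key write."""
    target = ev.get("TargetObject", "")
    if ev.get("EventID") != 13 or not RUN_KEY.search(target):
        return 0, []
    score, reasons = 1, ["run_key_write"]
    if USER_WRITABLE.search(ev.get("Details", "")):
        score += 2
        reasons.append("autostart_target_in_user_writable_path")
    if USER_WRITABLE.search(ev.get("Image", "")):
        score += 2
        reasons.append("writer_runs_from_user_writable_path")
    if target.upper().startswith("HKU\\"):
        score += 1
        reasons.append("per_user_hive")
    return score, reasons


def triage(events=EVENTS, threshold=3):
    """Events scoring at or above the threshold, as (key, writer image, score, reasons)."""
    findings = []
    for ev in events:
        score, reasons = score_run_key_event(ev)
        if score >= threshold:
            findings.append((ev["TargetObject"], ev.get("Image", ""), score, reasons))
    return findings


if __name__ == "__main__":
    for key, image, score, reasons in triage():
        print(f"[{score}] {image} -> {key}")
        for r in reasons:
            print(f"      {r}")
```

With the constructed events, the Temp-resident writer registering an AppData path under HKU scores 6 and is reported; the vendor installer writing a Program Files path under HKLM scores 1 and is filtered out by the default threshold, and the explorer.exe write to a non-Run key scores 0. The threshold is a tuning knob, not a verdict: a legitimate installer running from Downloads will score 3, so treat anything at that level as a prompt to look at the binary's hash and signer.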

MITRE ATT&CK Enterprise v15

Tasks