General

  • Target

    Ewpeloxttug.exe

  • Size

    2.2MB

  • Sample

    241130-bv85sazqdq

  • MD5

    23c8cb1226c61a164d7518218c837b81

  • SHA1

    45ea74832e487bacb788189c04661b29a71e86b5

  • SHA256

    21aaa5319a6729df0581203a0782ead837b848387e44cd1844ca8e19882a50af

  • SHA512

    8e219108c05966ec8ee6bc2ce2fb40c4aedce6614e65970c356e4f840e88720188c762aaa4451c2f5f1fa1bbc14136ecbcd1f4c9f3b1a5fccc0ab053a37bcc21

  • SSDEEP

    24576:wqDdns3FYYhWxL3rc/+rhm+qx6GuQ5qGPVmTy9xMNWgJ/AICqQ9pEsePeHMSPs2f:1iD

Malware Config

Extracted

Family

systembc

C2

claywyaeropumps.com

178.132.2.10

Attributes
  • dns

    5.132.191.104

Targets

    • Target

      Ewpeloxttug.exe

    • Size

      2.2MB

    • MD5

      23c8cb1226c61a164d7518218c837b81

    • SHA1

      45ea74832e487bacb788189c04661b29a71e86b5

    • SHA256

      21aaa5319a6729df0581203a0782ead837b848387e44cd1844ca8e19882a50af

    • SHA512

      8e219108c05966ec8ee6bc2ce2fb40c4aedce6614e65970c356e4f840e88720188c762aaa4451c2f5f1fa1bbc14136ecbcd1f4c9f3b1a5fccc0ab053a37bcc21

    • SSDEEP

      24576:wqDdns3FYYhWxL3rc/+rhm+qx6GuQ5qGPVmTy9xMNWgJ/AICqQ9pEsePeHMSPs2f:1iD

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Systembc family

    • Drops startup file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks