General

  • Target

    341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d

  • Size

    1006KB

  • Sample

    241216-p2asfs1qfn

  • MD5

    0630c2c8a8c85dca0b36513ad79967e8

  • SHA1

    9dafbb4ef4c4ecbd78aa9f4c8f0260a8aba2baf4

  • SHA256

    341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d

  • SHA512

    2e200220d5b8ab644274af62de19b36c502ca8c6e9a450e2ac61c8f5cce20a45d73200d4d8f45b1b45a4b3a645c103a61110d5f4273783f06ccabe6f1c407350

  • SSDEEP

    24576:W0RHvPoU6t/Wn5z09zDxeXTMT9m2OyzUYc:lHvB+QmzoIZ3Bw

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes
  • dns

    5.132.191.104

Targets

    • Target

      341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d

    • Size

      1006KB

    • MD5

      0630c2c8a8c85dca0b36513ad79967e8

    • SHA1

      9dafbb4ef4c4ecbd78aa9f4c8f0260a8aba2baf4

    • SHA256

      341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d

    • SHA512

      2e200220d5b8ab644274af62de19b36c502ca8c6e9a450e2ac61c8f5cce20a45d73200d4d8f45b1b45a4b3a645c103a61110d5f4273783f06ccabe6f1c407350

    • SSDEEP

      24576:W0RHvPoU6t/Wn5z09zDxeXTMT9m2OyzUYc:lHvB+QmzoIZ3Bw

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Systembc family

    • Drops startup file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks