General

  • Target

    92f5e87abf9c56629ea18d38fd358c554842492ed2dd927f5da116312bb341e0

  • Size

    953KB

  • Sample

    241216-p5jjrs1kb1

  • MD5

    685315094a528c85b57e32fdd640b2c0

  • SHA1

    5386ade339f9beac050875e91f1a068c7b28cc61

  • SHA256

    92f5e87abf9c56629ea18d38fd358c554842492ed2dd927f5da116312bb341e0

  • SHA512

    765087694c46a8a31a2b03aed21373b2c8879ae4d0ef0e7cc7768ddfd066b36289ac48f1dce346d6816a84419ad7bcd93ec32f16a57c38acf54b2dac4873986d

  • SSDEEP

    24576:wkp3To+6N/Wnlz0BzxTQXzsTPS2iIzOYU5dRK:fp3vQyIzCwLrFCvd8

Malware Config

Extracted

Family

systembc

C2

wodresomdaymomentum.org

Attributes
  • dns

    5.132.191.104

Targets

    • Target

      BlueMail.exe

    • Size

      1006KB

    • MD5

      0630c2c8a8c85dca0b36513ad79967e8

    • SHA1

      9dafbb4ef4c4ecbd78aa9f4c8f0260a8aba2baf4

    • SHA256

      341082f1ded57c304632b7607119183bb78ba76e1b492f3e4a706fd83c1bc13d

    • SHA512

      2e200220d5b8ab644274af62de19b36c502ca8c6e9a450e2ac61c8f5cce20a45d73200d4d8f45b1b45a4b3a645c103a61110d5f4273783f06ccabe6f1c407350

    • SSDEEP

      24576:W0RHvPoU6t/Wn5z09zDxeXTMT9m2OyzUYc:lHvB+QmzoIZ3Bw

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Systembc family

    • Drops startup file

    • Executes dropped EXE

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks