General

  • Target: SecuriteInfo.com.Win32.SpywareX-gen.326.19270.exe
  • Size: 1.7MB
  • Sample: 250302-qkjvgavyev
  • MD5: 775d48c5ca9cec5cb17ba4990e100b80
  • SHA1: d51bdc3fc06fadd66fa0549c0c6924a52f980c91
  • SHA256: ee071cca5d50fc83f595410cd64d06f2c438424497bbafde868ee2356d8886a6
  • SHA512: de2a9adf415acf0d300c1d660141d4fcdcd15885750abdfa36253cb848cfb0d14f4529ce66ab8a6227d741fa52c7a6b59dc7253d269e0ffa0ebaa0782146f690
  • SSDEEP: 49152:VWiPyNzLHax6WxKPQx1GyGe4/xU7VNT1xMJ1NxjnW8EtVG:VhGW4OOCbhGQy

Malware Config

Extracted

  • Family: systembc
  • C2: towerbingobongoboom.com, 213.209.150.137

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Systembc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks