General

  • Target

    soudneff.exe

  • Size

    1.7MB

  • Sample

    250304-j7arravxbz

  • MD5

    efac52cc9304919d4f9e49c56bdbd484

  • SHA1

    68e90fd0a473ba822bb4f708d718afcbbd660850

  • SHA256

    e903bd6ec4817fca7a718b770d6d6a509c7e522cbebb41bd26e48bfe009d0510

  • SHA512

    9185437c21c56772d3dd7172269b3569380b518e78c8cb9dcf947968476d4d79beb2aeb31da66d3736a2a0f3be88d3caf86d9ba79c59608aaca196c409466ada

  • SSDEEP

    49152:dWiPyNzLHax6WxKPQx1GyGe4/xU7VNT1xMJ1NxjnW8EtV:dhGW4OOCbhGQ

Malware Config

Extracted

Family

systembc

C2

towerbingobongoboom.com

213.209.150.137

Targets

    • Target

      soudneff.exe

    • Size

      1.7MB

    • MD5

      efac52cc9304919d4f9e49c56bdbd484

    • SHA1

      68e90fd0a473ba822bb4f708d718afcbbd660850

    • SHA256

      e903bd6ec4817fca7a718b770d6d6a509c7e522cbebb41bd26e48bfe009d0510

    • SHA512

      9185437c21c56772d3dd7172269b3569380b518e78c8cb9dcf947968476d4d79beb2aeb31da66d3736a2a0f3be88d3caf86d9ba79c59608aaca196c409466ada

    • SSDEEP

      49152:dWiPyNzLHax6WxKPQx1GyGe4/xU7VNT1xMJ1NxjnW8EtV:dhGW4OOCbhGQ

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Systembc family

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks