General

  • Target

    JaffaCakes118_023e2acb003b96f527f717a6f19da625

  • Size

    147KB

  • Sample

    250512-ecnynsyks8

  • MD5

    023e2acb003b96f527f717a6f19da625

  • SHA1

    bd70f00c7a8d2ef4d75a29dea4344faaab74503b

  • SHA256

    8ad22aeb0780d443ad9ed7eaf960462abeffa3c1761d00b8e674f7ef0547a136

  • SHA512

    02bbfc86808b2c68dadc88d5f766083af3718a52f241b47a2556d90a5adae2ef3054309079fa340be7a979818a55169af647efac484a66463ec2ae68d2996d7a

  • SSDEEP

    3072:v7Y3v7DZR2gK5VuMi0BXdPWWV4WISXEfoc31kbX61ZbhCc:v7WHZsYMiItP1aWNcAX61Cc

Malware Config

Extracted

  • Family

    systembc

  • C2

    admex175x.xyz:4044

    servx278x.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Systembc family

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v16