systembc | d397561a5bb963a3bdff021676cad184c81e4ad6fee1601d15924f144fe1e73a | Triage

Sharing

General

Target

edf555fc092865d05d3c666e1f4d43b3.exe
Size

195KB
Sample

210311-2xv2aewb5j
MD5

edf555fc092865d05d3c666e1f4d43b3
SHA1

1ca2283f19b033ea172de3a0e71cb050c7b501b9
SHA256

d397561a5bb963a3bdff021676cad184c81e4ad6fee1601d15924f144fe1e73a
SHA512

760def461697aa966673b7a3d69403cd6cf92dc3759c9fae80cc76ff173377f02e32a622c44cd33b97772bc17acd67392f4a960d9414ce427cdb0ec29c5676e7

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

anarhi2402.com:4039

anarhi2402.xyz:4039

Targets

- Target
  
  edf555fc092865d05d3c666e1f4d43b3.exe
- Size
  
  195KB
- MD5
  
  edf555fc092865d05d3c666e1f4d43b3
- SHA1
  
  1ca2283f19b033ea172de3a0e71cb050c7b501b9
- SHA256
  
  d397561a5bb963a3bdff021676cad184c81e4ad6fee1601d15924f144fe1e73a
- SHA512
  
  760def461697aa966673b7a3d69403cd6cf92dc3759c9fae80cc76ff173377f02e32a622c44cd33b97772bc17acd67392f4a960d9414ce427cdb0ec29c5676e7
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

behavioral2