General

  • Target

    systembc.exe

  • Size

    37KB

  • Sample

    210721-nrs5b3vf9x

  • MD5

    8fa05b4bb735337625a1a0bc8c1e643c

  • SHA1

    7628c5da3383690e548bbc24317c5d7bbb168def

  • SHA256

    39e7c94d3d5e7b7b316d87d61daea6ac78f47ebeb6fce586322e6e645db5e5e3

  • SHA512

    e3aa1ca9086e4464f3876de3ddf2ee7b118470ec7c0e783e9e329b281316b16b63f858e646eb69ba97e3f9fffabe6a4f1c6ba20d5e10862c8bfc7fc2d876edb1

Score
10/10

Malware Config

Extracted

  • Family

    systembc

  • C2

    149.248.34.200:4001

Targets

    • Target

      systembc.exe

    • Size

      37KB

    • MD5

      8fa05b4bb735337625a1a0bc8c1e643c

    • SHA1

      7628c5da3383690e548bbc24317c5d7bbb168def

    • SHA256

      39e7c94d3d5e7b7b316d87d61daea6ac78f47ebeb6fce586322e6e645db5e5e3

    • SHA512

      e3aa1ca9086e4464f3876de3ddf2ee7b118470ec7c0e783e9e329b281316b16b63f858e646eb69ba97e3f9fffabe6a4f1c6ba20d5e10862c8bfc7fc2d876edb1

    Score
    10/10

    • SystemBC

      SystemBC is a SOCKS5 proxy and remote administration tool first seen in 2019; the extracted config above gives the endpoint it proxies through.

    • Blocklisted process makes network request

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      The malware can route its traffic over Tor, which hides the operator's real infrastructure and makes blocking by IP less effective.
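The report above gives one hard indicator (the extracted C2 endpoint and the file hashes) and two behavioural ones (external-IP lookup, Tor use). The following is an added example, written for this page and not part of the sandbox report or any vendor tool, that turns the first two into checks run over constructed connection-log lines. The log format, the list of IP-lookup hosts and the sample lines are assumptions; the report does not name which lookup service the sample contacted.

```python
"""Added example: simple detections derived from the report above.
Illustrative code written for this page, not part of the sandbox report."""
import hashlib
import re
from dataclasses import dataclass

# Indicators copied from the report (extracted config and file hash).
SAMPLE_SHA256 = "39e7c94d3d5e7b7b316d87d61daea6ac78f47ebeb6fce586322e6e645db5e5e3"
C2_IP, C2_PORT = "149.248.34.200", 4001

# Assumption: the report only says "a legitimate IP lookup service" and does
# not name it, so this list of common lookup hosts is an illustrative guess.
IP_LOOKUP_HOSTS = {
    "api.ipify.org", "ifconfig.me", "icanhazip.com", "checkip.amazonaws.com",
}

# Assumption: a one-line-per-connection log format invented for this example.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) pid=(?P<pid>\d+) proc=(?P<proc>\S+) "
    r"dst=(?P<ip>\d{1,3}(?:\.\d{1,3}){3}):(?P<port>\d+) host=(?P<host>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    pid: int
    proc: str
    rule: str
    detail: str


def parse_line(line: str):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"])
    rec["port"] = int(rec["port"])
    return rec


def scan_log(lines):
    """Apply the two network rules to each line; a single line may fire both."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed lines are skipped, not treated as hits
        # Rule 1: exact match on the extracted C2 endpoint (IP and port).
        if rec["ip"] == C2_IP and rec["port"] == C2_PORT:
            hits.append(Hit(rec["ts"], rec["pid"], rec["proc"], "systembc_c2",
                            f"{rec['ip']}:{rec['port']}"))
        # Rule 2: any process talking to a known external-IP lookup host.
        if rec["host"].lower() in IP_LOOKUP_HOSTS:
            hits.append(Hit(rec["ts"], rec["pid"], rec["proc"],
                            "external_ip_lookup", rec["host"]))
    return hits


def is_known_sample(data: bytes) -> bool:
    """True only if the bytes hash to the SHA256 listed in the report."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


# Constructed log lines for the example; not captured from the sandbox run.
SAMPLE_LOG = [
    "2021-07-21T10:03:09Z pid=4128 proc=systembc.exe dst=104.26.12.205:443 host=api.ipify.org",
    "2021-07-21T10:03:11Z pid=4128 proc=systembc.exe dst=149.248.34.200:4001 host=-",
    "2021-07-21T10:03:12Z pid=812 proc=svchost.exe dst=13.107.4.50:80 host=www.msftconnecttest.com",
    "this line is not in the expected format",
    "2021-07-21T10:03:20Z pid=4128 proc=systembc.exe dst=149.248.34.200:80 host=-",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h.ts} pid={h.pid} {h.proc} {h.rule} {h.detail}")
    print("hash check on arbitrary bytes:", is_known_sample(b"not the sample"))
```

The last sample line deliberately reuses the C2 address on a different port and produces no hit: the extracted config is an IP and port pair, and matching on the IP alone would also fire on unrelated traffic if the host is shared infrastructure. Tor use is left out because it is not reliably detectable from destination ports alone.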

MITRE ATT&CK Matrix (ATT&CK v6)

  • Command and Control

    Connection Proxy (T1090): 1 matching signature
