systembc | ecdcff5459c84b727f0e89ecf20e4173c13cf45da842a5a3f89eef97b469f6d8 | Triage

Sharing

General

Target

5516729051676672.zip
Size

91KB
Sample

211208-rnqmvshabl
MD5

e8ced2d843d904018a218089efc8d487
SHA1

fb0990196d4af7f3c9fe7067c17fdb09a1c26ac2
SHA256

ecdcff5459c84b727f0e89ecf20e4173c13cf45da842a5a3f89eef97b469f6d8
SHA512

28339f0a2effbd6d1fca3abb39159c075dab4026e2dad5c21d44af3ac152f4277d4b4cae794f5a2562d491d93286f1aebf94b3a096680cb27ff2581f881f5259

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

mxblogs19.xyz:4044

sdadvert20.xyz:4044

Targets

- Target
  
  25e6923418ede3293afad2e318e302f1249323c56cbfed23c9586a7e7c1996fb
- Size
  
  148KB
- MD5
  
  a6bb96f7c9972db7d27a415742d57a88
- SHA1
  
  d8e3c322e66d714db5a947ea0804f112f7971734
- SHA256
  
  25e6923418ede3293afad2e318e302f1249323c56cbfed23c9586a7e7c1996fb
- SHA512
  
  e40fcf73f5ff1e86214d369dcd5ebc1735dba9ac5ea95a0b357fc8935061274858e9f6fd9dbf1dc9b2224424c4eebd6c79d81551ddbc78bb96371c0c903aa3ca
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2