systembc | d0f9d46bfa6868d957540a3c89625eda161fe34c9658c9c156be512f2973e149 | Triage

Submit
Reports

Overview

overview

Static

static

d0f9d46bfa...49.exe

windows7_x64

d0f9d46bfa...49.exe

windows10-2004_x64

Sharing

General

Target

d0f9d46bfa6868d957540a3c89625eda161fe34c9658c9c156be512f2973e149
Size

292KB
Sample

220326-n3zbrsghcp
MD5

2c640457ce9535dfe46ba275e358cb50
SHA1

5e3b05d9ef93cf757325a4ec4d0fa1b881b2472d
SHA256

d0f9d46bfa6868d957540a3c89625eda161fe34c9658c9c156be512f2973e149
SHA512

a9ef2e06efde9eef6869e7c085eb1612cb1aa76b076d578e73870d75b56e0fd2daa0c03e2f1a3a5ae8c2cff0e9487da4d245b2cf0dd9c8996e15bffd80906a8f

Score

10^/10

systembc suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

d0f9d46bfa6868d957540a3c89625eda161fe34c9658c9c156be512f2973e149.exe

Resource

win7-20220311-en

systembc suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

d0f9d46bfa6868d957540a3c89625eda161fe34c9658c9c156be512f2973e149.exe

Resource

win10v2004-20220310-en

systembc suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  d0f9d46bfa6868d957540a3c89625eda161fe34c9658c9c156be512f2973e149
- Size
  
  292KB
- MD5
  
  2c640457ce9535dfe46ba275e358cb50
- SHA1
  
  5e3b05d9ef93cf757325a4ec4d0fa1b881b2472d
- SHA256
  
  d0f9d46bfa6868d957540a3c89625eda161fe34c9658c9c156be512f2973e149
- SHA512
  
  a9ef2e06efde9eef6869e7c085eb1612cb1aa76b076d578e73870d75b56e0fd2daa0c03e2f1a3a5ae8c2cff0e9487da4d245b2cf0dd9c8996e15bffd80906a8f
Score

10^/10

systembc suricata trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcsuricatatrojan

behavioral2

systembcsuricatatrojan

© 2018-2024

Terms | Privacy