systembc | 3fa6ec8527cec4045940e5d3fdaa518b23fd38f5d11645ee72e618d992b2bbb4 | Triage

Sharing

General

Target

3fa6ec8527cec4045940e5d3fdaa518b23fd38f5d11645ee72e618d992b2bbb4
Size

292KB
Sample

220326-pc89qacdg6
MD5

ab30424e59121773bcf6907da3676128
SHA1

94678f7fa6ea216e695bc19ff07f726122ebac68
SHA256

3fa6ec8527cec4045940e5d3fdaa518b23fd38f5d11645ee72e618d992b2bbb4
SHA512

0d19a610c2e465aff97ce0c3548dbc56baf7f5460d5bb950fc36274cd69fe83c6ab46464d4f57561d8186dfa98fae00ec9984669e7066a00ef4d4221c9a397ac

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  3fa6ec8527cec4045940e5d3fdaa518b23fd38f5d11645ee72e618d992b2bbb4
- Size
  
  292KB
- MD5
  
  ab30424e59121773bcf6907da3676128
- SHA1
  
  94678f7fa6ea216e695bc19ff07f726122ebac68
- SHA256
  
  3fa6ec8527cec4045940e5d3fdaa518b23fd38f5d11645ee72e618d992b2bbb4
- SHA512
  
  0d19a610c2e465aff97ce0c3548dbc56baf7f5460d5bb950fc36274cd69fe83c6ab46464d4f57561d8186dfa98fae00ec9984669e7066a00ef4d4221c9a397ac
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2