systembc | ea9e177660eb79d3791f96304613657d605c7007310a27c83cd24742f1667e0f | Triage

Sharing

General

Target

ea9e177660eb79d3791f96304613657d605c7007310a27c83cd24742f1667e0f
Size

87KB
Sample

220327-1tnj5adde3
MD5

d623e16fd5b0cccb2ee19ce6fe0aef3e
SHA1

3a0645d9cae8f841fabaf3daf256527f479cf753
SHA256

ea9e177660eb79d3791f96304613657d605c7007310a27c83cd24742f1667e0f
SHA512

82461d1badf9f44286260891bab8dd34ad912ca256531046c685e04717810bca6fddda41f084b03ac4bccbb0fbc8214feda66f625022f9ed1bd4a9587a19af39

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  ea9e177660eb79d3791f96304613657d605c7007310a27c83cd24742f1667e0f
- Size
  
  87KB
- MD5
  
  d623e16fd5b0cccb2ee19ce6fe0aef3e
- SHA1
  
  3a0645d9cae8f841fabaf3daf256527f479cf753
- SHA256
  
  ea9e177660eb79d3791f96304613657d605c7007310a27c83cd24742f1667e0f
- SHA512
  
  82461d1badf9f44286260891bab8dd34ad912ca256531046c685e04717810bca6fddda41f084b03ac4bccbb0fbc8214feda66f625022f9ed1bd4a9587a19af39
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2