systembc | 7180bbdc3ec4a9ce298d39e9ecf5bfb1e818f749299cb5ebeb00e60503798478 | Triage

Submit
Reports

Overview

overview

Static

static

7180bbdc3e...78.exe

windows7_x64

7180bbdc3e...78.exe

windows10-2004_x64

Sharing

General

Target

7180bbdc3ec4a9ce298d39e9ecf5bfb1e818f749299cb5ebeb00e60503798478
Size

308KB
Sample

220328-egkf2scber
MD5

1316e7d18ac7d4f2b00115ce31b7cc32
SHA1

8012ac64c5bbd3e0c93bcc9f3aa4d72dad4acd26
SHA256

7180bbdc3ec4a9ce298d39e9ecf5bfb1e818f749299cb5ebeb00e60503798478
SHA512

315c117c212e8a764db4f9c233052dfa826df25faee603e82c5beb744ad15ea6eabb6703b497675dcdf752993481ce4a36fbd2d8730b36bf2a125b243bf5c4c2

Score

10^/10

systembc suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

7180bbdc3ec4a9ce298d39e9ecf5bfb1e818f749299cb5ebeb00e60503798478.exe

Resource

win7-20220331-en

systembc suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7180bbdc3ec4a9ce298d39e9ecf5bfb1e818f749299cb5ebeb00e60503798478.exe

Resource

win10v2004-20220331-en

systembc suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  7180bbdc3ec4a9ce298d39e9ecf5bfb1e818f749299cb5ebeb00e60503798478
- Size
  
  308KB
- MD5
  
  1316e7d18ac7d4f2b00115ce31b7cc32
- SHA1
  
  8012ac64c5bbd3e0c93bcc9f3aa4d72dad4acd26
- SHA256
  
  7180bbdc3ec4a9ce298d39e9ecf5bfb1e818f749299cb5ebeb00e60503798478
- SHA512
  
  315c117c212e8a764db4f9c233052dfa826df25faee603e82c5beb744ad15ea6eabb6703b497675dcdf752993481ce4a36fbd2d8730b36bf2a125b243bf5c4c2
Score

10^/10

systembc suricata trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcsuricatatrojan

behavioral2

systembcsuricatatrojan

© 2018-2024

Terms | Privacy