systembc | 4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3 | Triage

Sharing

General

Target

4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3
Size

86KB
Sample

220328-v86flacfh9
MD5

15fc2174c2ae34b7fe7cd171779fecf2
SHA1

91a705af5d47a7e96b04f79c065a2d19fbc7916a
SHA256

4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3
SHA512

b2cc0196feb948c1084f6de526b39ace1b3ff85c0824947bc4f2420a1583967194be5190a7752a872628e089acdd9730dd88188ee08123c0460307a86bfa6ba5

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3
- Size
  
  86KB
- MD5
  
  15fc2174c2ae34b7fe7cd171779fecf2
- SHA1
  
  91a705af5d47a7e96b04f79c065a2d19fbc7916a
- SHA256
  
  4998be5d75d44d405ec6144f6fbc13083d58dfb38b1d309004ac2c6aa82d13b3
- SHA512
  
  b2cc0196feb948c1084f6de526b39ace1b3ff85c0824947bc4f2420a1583967194be5190a7752a872628e089acdd9730dd88188ee08123c0460307a86bfa6ba5
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2