systembc | b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152 | Triage

Sharing

General

Target

b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152
Size

98KB
Sample

220328-wg9vdahbel
MD5

b0a7c828e9567926e1e6f7d846472d4e
SHA1

350ef211ce98cebdd6ac0a2260a53c16197d65fb
SHA256

b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152
SHA512

326bc5717f4fe6767a0708b31ca68eb8dd87309ead3693707b803581f8d743705195f5ffd7b006d5b6ad5f84d60bac48f889c1d85578e0dd9947e6ab28a7bf77

Score

10^/10

systembc suricata trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152
- Size
  
  98KB
- MD5
  
  b0a7c828e9567926e1e6f7d846472d4e
- SHA1
  
  350ef211ce98cebdd6ac0a2260a53c16197d65fb
- SHA256
  
  b7a122f6adabcddb7744f3a31e593f5f4ad80e0d433eee8b6d61c13e86731152
- SHA512
  
  326bc5717f4fe6767a0708b31ca68eb8dd87309ead3693707b803581f8d743705195f5ffd7b006d5b6ad5f84d60bac48f889c1d85578e0dd9947e6ab28a7bf77
Score

10^/10

systembc suricata trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcsuricatatrojan

behavioral2

systembcsuricatatrojan