systembc | 825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1 | Triage

Sharing

General

Target

825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
Size

109KB
Sample

220328-wh2kdschc7
MD5

fe5027423ed1c90793454939d6133215
SHA1

3b6595f5c588f567de48862f0125ba05170c7340
SHA256

825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
SHA512

f6447b4a0d09a49a568b4c77eb1c9b183d8e9d2c30b8d2fa74a4113cffdb02343b0470c97e46f572f7d2c470b6c276de49ca4041d45fec9107d15852e40dd3b4

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
- Size
  
  109KB
- MD5
  
  fe5027423ed1c90793454939d6133215
- SHA1
  
  3b6595f5c588f567de48862f0125ba05170c7340
- SHA256
  
  825cd09f1e55ed54d6c147ee95d575e6089394f6c56ba87fd5a3ae5439c841c1
- SHA512
  
  f6447b4a0d09a49a568b4c77eb1c9b183d8e9d2c30b8d2fa74a4113cffdb02343b0470c97e46f572f7d2c470b6c276de49ca4041d45fec9107d15852e40dd3b4
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2