systembc | 31fc239f5d0aa2a4496d5a3bf56c77cfad7d0b7fd68e3b4d2784b82c8105502f | Triage

Sharing

General

Target

31fc239f5d0aa2a4496d5a3bf56c77cfad7d0b7fd68e3b4d2784b82c8105502f
Size

157KB
Sample

220328-wnmcnadab3
MD5

f4a85ad0057ce4c4a622471228cb2e6c
SHA1

24c344f1a33b3e6d2bd8fd301475c23bb8a6f30f
SHA256

31fc239f5d0aa2a4496d5a3bf56c77cfad7d0b7fd68e3b4d2784b82c8105502f
SHA512

03a4116994862357b8b162595c1ea3a5019a38411cedefcd2bed8f26bc60ca4204be1d3ea9bda306365a46cf1f43deeb90d848853238944b803fa77759911f0c

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  31fc239f5d0aa2a4496d5a3bf56c77cfad7d0b7fd68e3b4d2784b82c8105502f
- Size
  
  157KB
- MD5
  
  f4a85ad0057ce4c4a622471228cb2e6c
- SHA1
  
  24c344f1a33b3e6d2bd8fd301475c23bb8a6f30f
- SHA256
  
  31fc239f5d0aa2a4496d5a3bf56c77cfad7d0b7fd68e3b4d2784b82c8105502f
- SHA512
  
  03a4116994862357b8b162595c1ea3a5019a38411cedefcd2bed8f26bc60ca4204be1d3ea9bda306365a46cf1f43deeb90d848853238944b803fa77759911f0c
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2