systembc | f20e20ff3c842b2867e3693cb3990f95bbaba68ae137f8180174f33b0a5fca71 | Triage

Sharing

General

Target

f20e20ff3c842b2867e3693cb3990f95bbaba68ae137f8180174f33b0a5fca71
Size

175KB
Sample

220330-kqkq3aagh7
MD5

f92ae41df8ed7fd3e321086d73043695
SHA1

b094f61697326340b431ba5c70bdd389896cdb16
SHA256

f20e20ff3c842b2867e3693cb3990f95bbaba68ae137f8180174f33b0a5fca71
SHA512

5ddfc903068b067c4cf16163c9877e4f088b3fae1c4800dd461992298020c047971dfd74c9e32b667481787a4189b8d5492bee6340ac8f1da8b5cd15e81593cf

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  f20e20ff3c842b2867e3693cb3990f95bbaba68ae137f8180174f33b0a5fca71
- Size
  
  175KB
- MD5
  
  f92ae41df8ed7fd3e321086d73043695
- SHA1
  
  b094f61697326340b431ba5c70bdd389896cdb16
- SHA256
  
  f20e20ff3c842b2867e3693cb3990f95bbaba68ae137f8180174f33b0a5fca71
- SHA512
  
  5ddfc903068b067c4cf16163c9877e4f088b3fae1c4800dd461992298020c047971dfd74c9e32b667481787a4189b8d5492bee6340ac8f1da8b5cd15e81593cf
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2