systembc | da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24 | Triage

Submit
Reports

Overview

overview

Static

static

da7a3b341c...24.exe

windows7_x64

da7a3b341c...24.exe

windows10-2004_x64

Sharing

General

Target

da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
Size

87KB
Sample

220414-hncassadck
MD5

dbfa6717c7f896d0d19696866e0dba24
SHA1

78426c577a9d521f96010efaa8d1038773e5f853
SHA256

da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
SHA512

5f4601e79e2b2348dfcd56eac79c85160545d3c279bc1027c14aa533a38f0ecd457575144eb4485fbd5d580c7a2865e9bd6aa12f2df123ab8dff888ca586a249

Score

10^/10

systembc suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24.exe

Resource

win7-20220331-en

systembc suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24.exe

Resource

win10v2004-20220310-en

systembc suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
- Size
  
  87KB
- MD5
  
  dbfa6717c7f896d0d19696866e0dba24
- SHA1
  
  78426c577a9d521f96010efaa8d1038773e5f853
- SHA256
  
  da7a3b341caea242aa95018d0e629b2ddc823763b721aeccdb1c9884d8f9ef24
- SHA512
  
  5f4601e79e2b2348dfcd56eac79c85160545d3c279bc1027c14aa533a38f0ecd457575144eb4485fbd5d580c7a2865e9bd6aa12f2df123ab8dff888ca586a249
Score

10^/10

systembc suricata trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
  suricata
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcsuricatatrojan

behavioral2

systembcsuricatatrojan

© 2018-2024

Terms | Privacy