systembc | 8e853d68c303ff55e85082e83b45978a13fc2821a8363a1c1ad50cc2ddb6eb41 | Triage

Sharing

General

Target

8e853d68c303ff55e85082e83b45978a13fc2821a8363a1c1ad50cc2ddb6eb41
Size

318KB
Sample

220415-cr4assccc8
MD5

69ab4ae7051a7962e610f4a8cc56d634
SHA1

9275cfb1e28dc75e614ab1fc6b7d0783a556cce1
SHA256

8e853d68c303ff55e85082e83b45978a13fc2821a8363a1c1ad50cc2ddb6eb41
SHA512

521486297dc22c5f6e02dda6bca8789a13ed5d6d91bc1fed1342bcfcfabac3f0771e057d5afc1af1be8ca9552b80a0e81b93e7b5a90c81c803b2eb3485285c7f

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  8e853d68c303ff55e85082e83b45978a13fc2821a8363a1c1ad50cc2ddb6eb41
- Size
  
  318KB
- MD5
  
  69ab4ae7051a7962e610f4a8cc56d634
- SHA1
  
  9275cfb1e28dc75e614ab1fc6b7d0783a556cce1
- SHA256
  
  8e853d68c303ff55e85082e83b45978a13fc2821a8363a1c1ad50cc2ddb6eb41
- SHA512
  
  521486297dc22c5f6e02dda6bca8789a13ed5d6d91bc1fed1342bcfcfabac3f0771e057d5afc1af1be8ca9552b80a0e81b93e7b5a90c81c803b2eb3485285c7f
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2