systembc | b2fddc79dd5fbe683e9b8737304494e5b5ebf993382714f3a27c045cb3d7f816 | Triage

Sharing

General

Target

b2fddc79dd5fbe683e9b8737304494e5b5ebf993382714f3a27c045cb3d7f816
Size

89KB
Sample

220418-bpghksdebp
MD5

ef794afbd770b7ee3c8a9ccffb9810fe
SHA1

1bc62eeef9f672fbde7df2de77b15b25dbc87610
SHA256

b2fddc79dd5fbe683e9b8737304494e5b5ebf993382714f3a27c045cb3d7f816
SHA512

bc2539be88630e38ebbf27ee603c666815be68f3a45a0b8c04e2df59c77fba094f71f5e1f40789ac558201e7a183b63a379526848cfb35ea724464ee3436d47d

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

23hfdne.com:4035

23hfdne.xyz:4035

Targets

- Target
  
  b2fddc79dd5fbe683e9b8737304494e5b5ebf993382714f3a27c045cb3d7f816
- Size
  
  89KB
- MD5
  
  ef794afbd770b7ee3c8a9ccffb9810fe
- SHA1
  
  1bc62eeef9f672fbde7df2de77b15b25dbc87610
- SHA256
  
  b2fddc79dd5fbe683e9b8737304494e5b5ebf993382714f3a27c045cb3d7f816
- SHA512
  
  bc2539be88630e38ebbf27ee603c666815be68f3a45a0b8c04e2df59c77fba094f71f5e1f40789ac558201e7a183b63a379526848cfb35ea724464ee3436d47d
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2