systembc | 17afe1971ecfe1ba3fb63253a5aa773106ce132395d70e92f9f2227d85cd9c55 | Triage

Sharing

General

Target

17afe1971ecfe1ba3fb63253a5aa773106ce132395d70e92f9f2227d85cd9c55
Size

90KB
Sample

220418-e9kyaaddd8
MD5

50b7c39b62eed16c581f6f2d8b7f65fe
SHA1

462a4116dacd8e41e07a97c2e034653deba7eaba
SHA256

17afe1971ecfe1ba3fb63253a5aa773106ce132395d70e92f9f2227d85cd9c55
SHA512

b4e5f2ae8bae802fb9b0c1dd1ca5f1e62516927a28d5bf7921b9e7e2f0e91a1605b5cd359a51226a166f6df5caddb04f2cc155a2b7751411e5740e14fcefe7d9

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

23hfdne.com:4035

23hfdne.xyz:4035

Targets

- Target
  
  17afe1971ecfe1ba3fb63253a5aa773106ce132395d70e92f9f2227d85cd9c55
- Size
  
  90KB
- MD5
  
  50b7c39b62eed16c581f6f2d8b7f65fe
- SHA1
  
  462a4116dacd8e41e07a97c2e034653deba7eaba
- SHA256
  
  17afe1971ecfe1ba3fb63253a5aa773106ce132395d70e92f9f2227d85cd9c55
- SHA512
  
  b4e5f2ae8bae802fb9b0c1dd1ca5f1e62516927a28d5bf7921b9e7e2f0e91a1605b5cd359a51226a166f6df5caddb04f2cc155a2b7751411e5740e14fcefe7d9
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2