systembc | e813bbd838ee06d2af4c0ac30a87f040f763abc993c6139aa830c37d1a0310e8 | Triage

Sharing

General

Target

e813bbd838ee06d2af4c0ac30a87f040f763abc993c6139aa830c37d1a0310e8
Size

356KB
Sample

220418-l8dadaeda5
MD5

c851a0d3a2cb3e759e85d73f48437fe1
SHA1

3210b9c823d8c1d75f2770884abc1c675db8081b
SHA256

e813bbd838ee06d2af4c0ac30a87f040f763abc993c6139aa830c37d1a0310e8
SHA512

a3b42489df794cffe8b539199dcfcb18dead5d820c6325f0e75cdd40abe6e67309c6980a8667da6905b0aa6dc000306c8a778ce125c5e4b54f0036e95983a9a0

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

sdadvert197.com:4044

mexstat128.com:4044

Targets

- Target
  
  e813bbd838ee06d2af4c0ac30a87f040f763abc993c6139aa830c37d1a0310e8
- Size
  
  356KB
- MD5
  
  c851a0d3a2cb3e759e85d73f48437fe1
- SHA1
  
  3210b9c823d8c1d75f2770884abc1c675db8081b
- SHA256
  
  e813bbd838ee06d2af4c0ac30a87f040f763abc993c6139aa830c37d1a0310e8
- SHA512
  
  a3b42489df794cffe8b539199dcfcb18dead5d820c6325f0e75cdd40abe6e67309c6980a8667da6905b0aa6dc000306c8a778ce125c5e4b54f0036e95983a9a0
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2