systembc | 67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7 | Triage

Sharing

General

Target

67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7
Size

381KB
Sample

220418-l9m6zaedf2
MD5

8be0b78e7331f8376298b9c1f22dd340
SHA1

8af6cfecea6e51d6e92fb7a0b15b095c2cb2475e
SHA256

67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7
SHA512

f6cca3801b883d971bc4af10dbccb1f018084a18c8f71dd5bb14610aacffdda18057340dd4e88e49d681f6f91141b562a9fb8162c994f3ef6fc45207f65af9f8

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

sdadvert197.com:4044

mexstat128.com:4044

Targets

- Target
  
  67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7
- Size
  
  381KB
- MD5
  
  8be0b78e7331f8376298b9c1f22dd340
- SHA1
  
  8af6cfecea6e51d6e92fb7a0b15b095c2cb2475e
- SHA256
  
  67473fb1c8ccc03f6415b2a9d2c20ceaa6ad08c867a15cf69d07ea17cf9c98f7
- SHA512
  
  f6cca3801b883d971bc4af10dbccb1f018084a18c8f71dd5bb14610aacffdda18057340dd4e88e49d681f6f91141b562a9fb8162c994f3ef6fc45207f65af9f8
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2