systembc | 2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec | Triage

Sharing

General

Target

2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec
Size

357KB
Sample

220418-maf42seea7
MD5

6adff82e37aadb238d58699f857e5f8b
SHA1

f779cdc5c8d6a8595a0850cb8fb7097e4f74f66d
SHA256

2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec
SHA512

e9edae21aa6708690ed8a7df2555e48121677d43f3994f2407ca4ead9ac775a02cb73e367830c9cd8f49587e43a7c5a546cc400c5a46ce00e9fef81f3fb4eb96

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

sdadvert197.com:4044

mexstat128.com:4044

Targets

- Target
  
  2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec
- Size
  
  357KB
- MD5
  
  6adff82e37aadb238d58699f857e5f8b
- SHA1
  
  f779cdc5c8d6a8595a0850cb8fb7097e4f74f66d
- SHA256
  
  2acd7bc3c78edc1630e17dd81edbccb0434e83d7100f08fcd4b4b6e0df9cb6ec
- SHA512
  
  e9edae21aa6708690ed8a7df2555e48121677d43f3994f2407ca4ead9ac775a02cb73e367830c9cd8f49587e43a7c5a546cc400c5a46ce00e9fef81f3fb4eb96
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2