Description
SystemBC is a proxy and remote administration tool first seen in 2019.
35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1
General
Target
Size
Sample
35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1
265KB
220427-tehxrsfhcr
Score
10 /10
MD5
SHA1
SHA256
SHA512
b15da1de33a731f12b3574c1e6845a1c
08c12f9d8032dcb1f465cb1b57b8c2bc267f2ba6
35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1
3df7cfa9fabd23119d8dbc1f99aafca7388aaae14fcdb9283fed7f7c29930ef9e2129160b94887371c1bdd78083fa3d57171b2405bd686a255b22fb5950f618f
Malware Config
Extracted
| Family | systembc |
| C2 |
advertrex20.xyz:4044 gentexman37.xyz:4044 |
Targets
Target
MD5
Filesize
35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1
b15da1de33a731f12b3574c1e6845a1c
265KB
Score
10/10
SHA1
SHA256
SHA512
08c12f9d8032dcb1f465cb1b57b8c2bc267f2ba6
35081647c14bfe19928e04f3c04fec9f9a66e98b364d0d27f3f057b0f98186f1
3df7cfa9fabd23119d8dbc1f99aafca7388aaae14fcdb9283fed7f7c29930ef9e2129160b94887371c1bdd78083fa3d57171b2405bd686a255b22fb5950f618f
Tags
Signatures
-
SystemBC
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Description
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Tags
-
Executes dropped EXE
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Description
Malware can proxy its traffic through Tor for more anonymity.
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks