Description
SystemBC is a proxy and remote administration tool first seen in 2019.
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
General
Target
Size
Sample
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
94KB
220508-gmbr7sgff9
Score
10 /10
MD5
SHA1
SHA256
SHA512
8d63b4b33f84d55f999fe7f2c07f1898
4b72592eb314d60c52e7dc13a4c99b5afb902bf3
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
d734614ccba6dd7f3e84e5a39484a45bead737f3d27ab7dbc62654c5a7ea96133c68b02f0e63a073e29105a05ebd2120dd2156d63c901eabad096c65a0e7f263
Malware Config
Extracted
| Family | systembc |
| C2 |
sdadvert197.com:4044 mexstat128.com:4044 |
Targets
Target
MD5
Filesize
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
8d63b4b33f84d55f999fe7f2c07f1898
94KB
Score
10/10
SHA1
SHA256
SHA512
4b72592eb314d60c52e7dc13a4c99b5afb902bf3
3c8bd18b6c4245a7a6279de001da2ae03504a0060e9b61378836dbaf9d6d940e
d734614ccba6dd7f3e84e5a39484a45bead737f3d27ab7dbc62654c5a7ea96133c68b02f0e63a073e29105a05ebd2120dd2156d63c901eabad096c65a0e7f263
Tags
Signatures
-
SystemBC
-
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Description
suricata: ET MALWARE Observed SystemBC CnC Domain in DNS Query
Tags
-
Executes dropped EXE
-
Looks up external IP address via web service
Description
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications
Description
Malware can proxy its traffic through Tor for more anonymity.
TTPs
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks