General

  • Target

    bb8dba7e21b5f0720407e0acdde6a34e.exe

  • Size

    373KB

  • Sample

    220521-rzpvpshfh4

  • MD5

    bb8dba7e21b5f0720407e0acdde6a34e

  • SHA1

    27e708c7940708ec158245bfb7f9f671f6664b13

  • SHA256

    d94e02cfb25da71355a6d85538a24374c050962c4e027eaae2e230fe52514e2a

  • SHA512

    b83aedd35920a402033d9381d67d5ade247afe55c8c5d7fc0eb5ee79d0c5cd69bd3e2538881e7d8d2bdcf04b65219f802d038b1757a395709e20b52462d12266

Score
10/10

Malware Config

Extracted

Family

systembc

C2

135.125.248.50:443

146.70.53.169:443

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry: 1 (T1012)

    System Information Discovery: 2 (T1082)

  • Command and Control

    Web Service: 1 (T1102)
