systembc | 1584b24459df523db2d980cb45d3f3c4f010ed2c5b7f79312faad51ab3ee2abc | Triage

Sharing

General

Target

tmp
Size

62KB
Sample

220912-fe5jwacfc2
MD5

372c389955436b05a3e27c628f2f3dd6
SHA1

9b0e47953cfc4e4b314123966591cd72b3531426
SHA256

1584b24459df523db2d980cb45d3f3c4f010ed2c5b7f79312faad51ab3ee2abc
SHA512

8b9b41953739028ab668e39a95c974df6e0132fa6d85c29b1fcefcbc9c25b02ffcd1eb71c7a6a4814c5a624a99c279b752b705d286933bb71f798f37e706a40c
SSDEEP

1536:LjO/wOIXQFwWyE2IIq6KwTypLwCV/Gg3xLFrHtDGGZu:djXCwMIqnwTypLZ/PxrHtDpu

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

31.41.244.183:4257

194.36.177.46:4257

Targets

- Target
  
  tmp
- Size
  
  62KB
- MD5
  
  372c389955436b05a3e27c628f2f3dd6
- SHA1
  
  9b0e47953cfc4e4b314123966591cd72b3531426
- SHA256
  
  1584b24459df523db2d980cb45d3f3c4f010ed2c5b7f79312faad51ab3ee2abc
- SHA512
  
  8b9b41953739028ab668e39a95c974df6e0132fa6d85c29b1fcefcbc9c25b02ffcd1eb71c7a6a4814c5a624a99c279b752b705d286933bb71f798f37e706a40c
- SSDEEP
  
  1536:LjO/wOIXQFwWyE2IIq6KwTypLwCV/Gg3xLFrHtDGGZu:djXCwMIqnwTypLZ/PxrHtDpu
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2