systembc | ce3a7357d8daa56b8f02b6ee0af00737c7e1feaa051bf8471dafcc04cafc5ca9 | Triage

Sharing

General

Target

ce3a7357d8daa56b8f02b6ee0af00737c7e1feaa051bf8471dafcc04cafc5ca9
Size

250KB
Sample

220914-lasx6shgd4
MD5

39a0d9ae63c42534e18f17d903a2f7a6
SHA1

be6e0ca2b86f4ea632abdc02322091d69f31f87d
SHA256

ce3a7357d8daa56b8f02b6ee0af00737c7e1feaa051bf8471dafcc04cafc5ca9
SHA512

fe89f679409d2db3c3ab4d30c5c6962dd4d2ee46f154a65ff73d9a4e990b7dbfa9b909ad3026f5c709086b10e1fa7bd92d1fd52aa7ee235c2c69b9aff631dbe0
SSDEEP

6144:2BohTbNI2bRNDZJSyL/iKHhZHk+vlwmjSW:Mab62bRNDZJSUi5+l

Score

10^/10

systembc bootkit persistence trojan

Malware Config

Extracted

Family

systembc

C2

146.70.101.95:4001

Targets

- Target
  
  ce3a7357d8daa56b8f02b6ee0af00737c7e1feaa051bf8471dafcc04cafc5ca9
- Size
  
  250KB
- MD5
  
  39a0d9ae63c42534e18f17d903a2f7a6
- SHA1
  
  be6e0ca2b86f4ea632abdc02322091d69f31f87d
- SHA256
  
  ce3a7357d8daa56b8f02b6ee0af00737c7e1feaa051bf8471dafcc04cafc5ca9
- SHA512
  
  fe89f679409d2db3c3ab4d30c5c6962dd4d2ee46f154a65ff73d9a4e990b7dbfa9b909ad3026f5c709086b10e1fa7bd92d1fd52aa7ee235c2c69b9aff631dbe0
- SSDEEP
  
  6144:2BohTbNI2bRNDZJSyL/iKHhZHk+vlwmjSW:Mab62bRNDZJSUi5+l
Score

10^/10

systembc bootkit persistence trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Deletes itself
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

systembcbootkitpersistencetrojan