systembc | ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2 | Triage

Submit
Reports

Overview

overview

Static

static

winprofile

windows7-x64

winprofile

windows10-1703-x64

Sharing

General

Target

ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2
Size

246KB
Sample

220924-18a8cacca3
MD5

e6315c0db5f71599df36d466d4a625cc
SHA1

d5c3975b8eee303d5dc5d5f273c59ba4d810bc23
SHA256

ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2
SHA512

6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0
SSDEEP

3072:igrSLIRLP9sEd7LyJLRRY5cjM2P9Q85i8u0TRki1duyuybAugRv8P3wbbD03QN4k:xLW/4j8u0TjcYYRg3CAQN4Ap

Score

10^/10

systembc persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe

Resource

win7-20220812-en

systembc persistence spyware stealer trojan upx

windows7-x64

13 signatures

300 seconds

Behavioral task

behavioral2

Sample

ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2.exe

Resource

win10-20220812-en

systembc persistence spyware stealer trojan upx

windows10-1703-x64

12 signatures

300 seconds

Malware Config

Extracted

Family

systembc

C2

109.107.187.226:4001

Targets

- Target
  
  ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2
- Size
  
  246KB
- MD5
  
  e6315c0db5f71599df36d466d4a625cc
- SHA1
  
  d5c3975b8eee303d5dc5d5f273c59ba4d810bc23
- SHA256
  
  ee37368824372234e4ac430592ac3286044e692adab63a11f00b7023e8025cb2
- SHA512
  
  6846d951e9d6c3c2f6af44c669f539ab64c6c73a39b5de7db9637cd40e105f98c4c7d007a7691ba4db942721cc22757e0a72080552ac7d54db008beb5f5c5cd0
- SSDEEP
  
  3072:igrSLIRLP9sEd7LyJLRRY5cjM2P9Q85i8u0TRki1duyuybAugRv8P3wbbD03QN4k:xLW/4j8u0TjcYYRg3CAQN4Ap
Score

10^/10

systembc persistence spyware stealer trojan upx
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Registry Run Keys / Startup Folder

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

systembcpersistencespywarestealertrojanupx

behavioral2

systembcpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy