systembc | 4119afdd7fb25978a0f7fa74cdb6be97df0a67ddc3607efbce5de855d9a765d2 | Triage

Sharing

General

Target

61f9d2b055b4c6b2fcd157f73ae63cd1.exe.vir
Size

1.5MB
Sample

220930-sw1ngaehcl
MD5

61f9d2b055b4c6b2fcd157f73ae63cd1
SHA1

f4e42225c42c5378ccd4e03b7ccb465d79797388
SHA256

4119afdd7fb25978a0f7fa74cdb6be97df0a67ddc3607efbce5de855d9a765d2
SHA512

58e321c0d746ed4da8f7bbe19c4524544449a67f1f84b5cb87b3c64107bf6639ed0f163d5f5f8cfa58cbd7dbfacb12439cfea5376dc052f271df124e09fe2c3e
SSDEEP

24576:277xjRO4/1gy4+aDckmi7DaC+V+aqaGI5KMADy2n1Cpp4c7cxXZh:c7xjRJgywDCyDSWaCM0y2ngHdm7

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

- Target
  
  61f9d2b055b4c6b2fcd157f73ae63cd1.exe.vir
- Size
  
  1.5MB
- MD5
  
  61f9d2b055b4c6b2fcd157f73ae63cd1
- SHA1
  
  f4e42225c42c5378ccd4e03b7ccb465d79797388
- SHA256
  
  4119afdd7fb25978a0f7fa74cdb6be97df0a67ddc3607efbce5de855d9a765d2
- SHA512
  
  58e321c0d746ed4da8f7bbe19c4524544449a67f1f84b5cb87b3c64107bf6639ed0f163d5f5f8cfa58cbd7dbfacb12439cfea5376dc052f271df124e09fe2c3e
- SSDEEP
  
  24576:277xjRO4/1gy4+aDckmi7DaC+V+aqaGI5KMADy2n1Cpp4c7cxXZh:c7xjRJgywDCyDSWaCM0y2ngHdm7
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2