systembc | 03c4a886c03d8eed421aa32b2df96d4b9a107d09aa5d797e69791b1b92794519 | Triage

Sharing

General

Target

9d8203962d8b5788b97804558e4347eb.exe
Size

1.5MB
Sample

221001-jh493agfhj
MD5

9d8203962d8b5788b97804558e4347eb
SHA1

fbfec5c5bc40fab91e44e347d3429aa773968e06
SHA256

03c4a886c03d8eed421aa32b2df96d4b9a107d09aa5d797e69791b1b92794519
SHA512

a39ad21c40e6a623cfc1c9f8919b413af966f90e8847c2dcca7a85bca5908de0837a5ac11ba997ea0ee6e931775c0a01806b81f1f7a384d2294476c939ce6855
SSDEEP

24576:277xjRO4/1gy4+aDckmi7DaC+V+aqaGI5KMADy2n1Cpp4c7cxXZw:c7xjRJgywDCyDSWaCM0y2ngHdmu

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

- Target
  
  9d8203962d8b5788b97804558e4347eb.exe
- Size
  
  1.5MB
- MD5
  
  9d8203962d8b5788b97804558e4347eb
- SHA1
  
  fbfec5c5bc40fab91e44e347d3429aa773968e06
- SHA256
  
  03c4a886c03d8eed421aa32b2df96d4b9a107d09aa5d797e69791b1b92794519
- SHA512
  
  a39ad21c40e6a623cfc1c9f8919b413af966f90e8847c2dcca7a85bca5908de0837a5ac11ba997ea0ee6e931775c0a01806b81f1f7a384d2294476c939ce6855
- SSDEEP
  
  24576:277xjRO4/1gy4+aDckmi7DaC+V+aqaGI5KMADy2n1Cpp4c7cxXZw:c7xjRJgywDCyDSWaCM0y2ngHdmu
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2