systembc | 334dba14bdaaf0e6d98acca65f44f4bfecd6c2039bdad7d88372d2e930694fe0 | Triage

Sharing

General

Target

334dba14bdaaf0e6d98acca65f44f4bfecd6c2039bdad7d88372d2e930694fe0
Size

1.7MB
Sample

221006-17hk2aahf7
MD5

9f1ee8f251ec26f536edf38b368e4f78
SHA1

118fe1682bdd48ceba385c533b0ce037ab91221e
SHA256

334dba14bdaaf0e6d98acca65f44f4bfecd6c2039bdad7d88372d2e930694fe0
SHA512

e8c6161f63cbe2a7a09568bd35873f47b9dc398ba227acc46d741b5e0c6b019eb8f4e3b2f265301141af840a57e50ee9e6edc8ee93176c276d6a9f4b128fc870
SSDEEP

24576:WknrSvBr35WBswoXagv9k99gLGJlbVkCZ6qNJJsUtFvw8GFZxSjAUzc2YbEgZhEt:prSWSCgCJ13vJLYf2eZ6f

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

- Target
  
  334dba14bdaaf0e6d98acca65f44f4bfecd6c2039bdad7d88372d2e930694fe0
- Size
  
  1.7MB
- MD5
  
  9f1ee8f251ec26f536edf38b368e4f78
- SHA1
  
  118fe1682bdd48ceba385c533b0ce037ab91221e
- SHA256
  
  334dba14bdaaf0e6d98acca65f44f4bfecd6c2039bdad7d88372d2e930694fe0
- SHA512
  
  e8c6161f63cbe2a7a09568bd35873f47b9dc398ba227acc46d741b5e0c6b019eb8f4e3b2f265301141af840a57e50ee9e6edc8ee93176c276d6a9f4b128fc870
- SSDEEP
  
  24576:WknrSvBr35WBswoXagv9k99gLGJlbVkCZ6qNJJsUtFvw8GFZxSjAUzc2YbEgZhEt:prSWSCgCJ13vJLYf2eZ6f
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2