systembc | 42fe2bf7bdf6480dedb00e75fc557cf2d80eabada60c154f6fb12240160324a7 | Triage

Sharing

General

Target

42fe2bf7bdf6480dedb00e75fc557cf2d80eabada60c154f6fb12240160324a7
Size

1.7MB
Sample

221008-xy78jsfdhp
MD5

2c2b0c5eb7bcc3e5392285299859c9a2
SHA1

c1423f9d61c4c6d4ef166363dd1bafa48cb42c84
SHA256

42fe2bf7bdf6480dedb00e75fc557cf2d80eabada60c154f6fb12240160324a7
SHA512

a2209de9f29ec9f1a8899472171724364030221fb28b959714630d4885061d257bf4d1455e8dc9f5bb8ef72bd8ee01de428e5e2cfa8c686c844cc8560e42feb6
SSDEEP

24576:sDmORLSPhv9FqvHxk27d2pgp1vD+86Lepau11OmNbZrS//J+LXFpPmYwKFE5lrlG:sFLWJadb3LGeMu11nbNc/IOV5zVoA8

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

- Target
  
  42fe2bf7bdf6480dedb00e75fc557cf2d80eabada60c154f6fb12240160324a7
- Size
  
  1.7MB
- MD5
  
  2c2b0c5eb7bcc3e5392285299859c9a2
- SHA1
  
  c1423f9d61c4c6d4ef166363dd1bafa48cb42c84
- SHA256
  
  42fe2bf7bdf6480dedb00e75fc557cf2d80eabada60c154f6fb12240160324a7
- SHA512
  
  a2209de9f29ec9f1a8899472171724364030221fb28b959714630d4885061d257bf4d1455e8dc9f5bb8ef72bd8ee01de428e5e2cfa8c686c844cc8560e42feb6
- SSDEEP
  
  24576:sDmORLSPhv9FqvHxk27d2pgp1vD+86Lepau11OmNbZrS//J+LXFpPmYwKFE5lrlG:sFLWJadb3LGeMu11nbNc/IOV5zVoA8
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Peripheral Device Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1