systembc | 040aa152e739826874a268f4ffb8be80dd256e7817cdb2c25329d25a5264671e | Triage

Sharing

General

Target

cd48383befb4dce49fb855d64f500ca1.exe
Size

1.2MB
Sample

221116-wr35kscc65
MD5

cd48383befb4dce49fb855d64f500ca1
SHA1

af506733441826dbd789c972a2d627038c0c80af
SHA256

040aa152e739826874a268f4ffb8be80dd256e7817cdb2c25329d25a5264671e
SHA512

193aa7aae1f12f70b692e4bf5ac7ce8846256da76cbbdc68c1a9fe5746931cb92196ea1505ed49aab81bd45616eb7811940fbd29a83383ed95dd5f0336a9183f
SSDEEP

24576:jolGO8/6YpXCGf+SK/ftRnMh9+bTLWdaVom4v7FF:j0GL6YpZmSat5LWdNhF

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

- Target
  
  cd48383befb4dce49fb855d64f500ca1.exe
- Size
  
  1.2MB
- MD5
  
  cd48383befb4dce49fb855d64f500ca1
- SHA1
  
  af506733441826dbd789c972a2d627038c0c80af
- SHA256
  
  040aa152e739826874a268f4ffb8be80dd256e7817cdb2c25329d25a5264671e
- SHA512
  
  193aa7aae1f12f70b692e4bf5ac7ce8846256da76cbbdc68c1a9fe5746931cb92196ea1505ed49aab81bd45616eb7811940fbd29a83383ed95dd5f0336a9183f
- SSDEEP
  
  24576:jolGO8/6YpXCGf+SK/ftRnMh9+bTLWdaVom4v7FF:j0GL6YpZmSat5LWdNhF
Score

10^/10

systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2