systembc | 16975eee0891f39d99601cc61d163911ae9e30aaf194c7f70c67eb02bb66a81e | Triage

Sharing

General

Target

ac006a4066fd3316240b6fe107569209.exe
Size

742KB
Sample

221122-r1wdwaba9x
MD5

ac006a4066fd3316240b6fe107569209
SHA1

3a9fbfe82f5d259c36104df4206926d7a0cf82ef
SHA256

16975eee0891f39d99601cc61d163911ae9e30aaf194c7f70c67eb02bb66a81e
SHA512

c43ec5ff944f350b8582ffdf2dfa4d6e79013bc79ddc8ce4cd783b24609c496d8cc8004ddfb98bc35656c8014131803d7ebb462bd05e45153f289fb13a4a2201
SSDEEP

12288:rttTYdmKnGcSacTuDC8vidkVSGdNClgYcbRA3telMHpc1WPiML9B7uH04NqK3:BtTYdpSRj8ksQHelMJc1W/pB7eNL

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

reverse222.com:4193

reverse11.com:4193

Targets

- Target
  
  ac006a4066fd3316240b6fe107569209.exe
- Size
  
  742KB
- MD5
  
  ac006a4066fd3316240b6fe107569209
- SHA1
  
  3a9fbfe82f5d259c36104df4206926d7a0cf82ef
- SHA256
  
  16975eee0891f39d99601cc61d163911ae9e30aaf194c7f70c67eb02bb66a81e
- SHA512
  
  c43ec5ff944f350b8582ffdf2dfa4d6e79013bc79ddc8ce4cd783b24609c496d8cc8004ddfb98bc35656c8014131803d7ebb462bd05e45153f289fb13a4a2201
- SSDEEP
  
  12288:rttTYdmKnGcSacTuDC8vidkVSGdNClgYcbRA3telMHpc1WPiML9B7uH04NqK3:BtTYdpSRj8ksQHelMJc1W/pB7eNL
Score

10^/10

persistence systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcpersistencetrojan