Overview

overview

10

Static

static

dridex

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bbc4c0e56dcac928d038cfd389a3564308a0d3aac9370d0030c176b9ae2f65bc

  • Size

    302KB

  • Sample

    221122-rkyjasfa97

  • MD5

    2369b8389f5100dc5709ebbb4ae1eb28

  • SHA1

    9c4781ff0e609441c925b2378b8b119504e9833b

  • SHA256

    bbc4c0e56dcac928d038cfd389a3564308a0d3aac9370d0030c176b9ae2f65bc

  • SHA512

    b609251cc456411bd70802ec2df25cace9569e385d3ec0452a1b0a99c0acde582a63c28c34a249881e91243570a1faf18d4b0b701e0bdc3fbd5bb43b5f98d9fe

  • SSDEEP

    6144:hPfCZPTKcJhqkDh6Z05O22tThsIeGjY6:UN+cnvMZ/22ZVE

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

89.248.163.218:443

Targets

    • Target

      bbc4c0e56dcac928d038cfd389a3564308a0d3aac9370d0030c176b9ae2f65bc

    • Size

      302KB

    • MD5

      2369b8389f5100dc5709ebbb4ae1eb28

    • SHA1

      9c4781ff0e609441c925b2378b8b119504e9833b

    • SHA256

      bbc4c0e56dcac928d038cfd389a3564308a0d3aac9370d0030c176b9ae2f65bc

    • SHA512

      b609251cc456411bd70802ec2df25cace9569e385d3ec0452a1b0a99c0acde582a63c28c34a249881e91243570a1faf18d4b0b701e0bdc3fbd5bb43b5f98d9fe

    • SSDEEP

      6144:hPfCZPTKcJhqkDh6Z05O22tThsIeGjY6:UN+cnvMZ/22ZVE

    Score
    10/10
    systembctrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Deletes itself

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

3
T1082

Query Registry

2
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks