General

  • Target

    189e395afb4efe7bc8e300b644c1b290

  • Size

    1.8MB

  • Sample

    221128-3nkx6abh88

  • MD5

    189e395afb4efe7bc8e300b644c1b290

  • SHA1

    eabb53d1508bc5855360b387beb91429eff26f60

  • SHA256

    b1852de0ce746f19baffdcb3a694b3a65a5dc813e2dfc0046da9474401f1ecbb

  • SHA512

    90ae2566ca1b63840c9a088b754c7097e823a4c24ea7436948c2566d052031f7f18d9666e4e150eed2e09b76df14b41c1e6fd1975ee0dd89baca5602c72b0141

  • SSDEEP

    49152:rOf7VkgZ41jwavGHKtNq8zE6AIQwX+LwULebD/M:rOfBx41PvrtNlAchOLIM

Score
10/10

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

    Score
    10/10
    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix ATT&CK v6

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Remote System Discovery

1
T1018
