systembc | 22ead9286bd771170d6b0dc050c67ff487e140918e9f0b529cde4d867dee9b55 | Triage

Resubmissions

07-12-2022 05:42

221207-gd3jkaaa78 10

07-12-2022 05:18

221207-fzf21sbd7s 10

Sharing

General

Target

22ead9286bd771170d6b0dc050c67ff487e140918e9f0b529cde4d867dee9b55
Size

700.4MB
Sample

221207-gd3jkaaa78
MD5

96319a877bcdee0b4788a88b69b1f215
SHA1

6e1645c605965b20fab6775c0b676401cbbff00d
SHA256

22ead9286bd771170d6b0dc050c67ff487e140918e9f0b529cde4d867dee9b55
SHA512

b2fcfe7a1a75b24323ba0ff96821c1561932f0c06136c4100b05eddfd667f9aecf6d488eed12c8cda52c2d9789d9120a24b7e16fc90b2c75d521563211c302c8
SSDEEP

6144:/EopXhSxHralFw1nXEjb5QM0Pq5Ml2QOyAm2c84fHNArD7V/2c84fH:2rkSnXEjupPa1QdAm2lgNCDx/2lg

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

178.20.44.196:4127

192.168.1.149:4127

Targets

- Target
  
  22ead9286bd771170d6b0dc050c67ff487e140918e9f0b529cde4d867dee9b55
- Size
  
  700.4MB
- MD5
  
  96319a877bcdee0b4788a88b69b1f215
- SHA1
  
  6e1645c605965b20fab6775c0b676401cbbff00d
- SHA256
  
  22ead9286bd771170d6b0dc050c67ff487e140918e9f0b529cde4d867dee9b55
- SHA512
  
  b2fcfe7a1a75b24323ba0ff96821c1561932f0c06136c4100b05eddfd667f9aecf6d488eed12c8cda52c2d9789d9120a24b7e16fc90b2c75d521563211c302c8
- SSDEEP
  
  6144:/EopXhSxHralFw1nXEjb5QM0Pq5Ml2QOyAm2c84fHNArD7V/2c84fH:2rkSnXEjupPa1QdAm2lgNCDx/2lg
Score

10^/10

systembc persistence trojan
- Modifies WinLogon for persistence
  persistence
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

systembcpersistencetrojan

behavioral2