systembc | f5d83117640be29986b7f0c833dd99b5a18283a39d059ba2547a9ce2e7dc10ad | Triage

Sharing

General

Target

4dcfac67c5665f33265025373ad19396.exe
Size

2.5MB
Sample

230106-lkxzwafe87
MD5

4dcfac67c5665f33265025373ad19396
SHA1

c859ee290ee24e952bfb4c4b3d155e4af19276b6
SHA256

f5d83117640be29986b7f0c833dd99b5a18283a39d059ba2547a9ce2e7dc10ad
SHA512

85134a9a09924e7179b301251f7dc1549324d965ac2e8acec3c9eb583edab8a04448f4972580660c4dd1e55e58727483a703d29120c2a441cd01832c98b0a082
SSDEEP

49152:zdGgHvZTQNHpHWqqT6r/xscnaPZJL8Qb9zJhS/qoK+/gb048J:zdCNHpHWqqTaps/jLRbJqioz/gbB8J

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

23.137.249.215:4001

reserve-domain.com:4001

Targets

- Target
  
  4dcfac67c5665f33265025373ad19396.exe
- Size
  
  2.5MB
- MD5
  
  4dcfac67c5665f33265025373ad19396
- SHA1
  
  c859ee290ee24e952bfb4c4b3d155e4af19276b6
- SHA256
  
  f5d83117640be29986b7f0c833dd99b5a18283a39d059ba2547a9ce2e7dc10ad
- SHA512
  
  85134a9a09924e7179b301251f7dc1549324d965ac2e8acec3c9eb583edab8a04448f4972580660c4dd1e55e58727483a703d29120c2a441cd01832c98b0a082
- SSDEEP
  
  49152:zdGgHvZTQNHpHWqqT6r/xscnaPZJL8Qb9zJhS/qoK+/gb048J:zdCNHpHWqqTaps/jLRbJqioz/gbB8J
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2