systembc | 7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b | Triage

Resubmissions

09-04-2024 15:25

240409-stwazaeb2v 10

09-04-2024 15:25

240409-stvpfaeb2s 10

09-04-2024 15:25

240409-stvdnsaf77 10

09-04-2024 15:25

240409-stryjsea9x 10

13-01-2023 16:48

230113-va4jcaae56 10

Sharing

General

Target

a95c29de8321dd4dc8b9676ec640e7b3.exe
Size

32KB
Sample

230113-va4jcaae56
MD5

a95c29de8321dd4dc8b9676ec640e7b3
SHA1

d9ef0d8e14ddba29ab8e39779e616344440d8f75
SHA256

7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b
SHA512

d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf
SSDEEP

768:3Ta1PsXQ0yVmQvcs27NOJtyuv09gnoJCvcror:SsXQ0yVN2gV0Gno

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

dec15coma.com:4039

dec15coma.xyz:4039

Targets

- Target
  
  a95c29de8321dd4dc8b9676ec640e7b3.exe
- Size
  
  32KB
- MD5
  
  a95c29de8321dd4dc8b9676ec640e7b3
- SHA1
  
  d9ef0d8e14ddba29ab8e39779e616344440d8f75
- SHA256
  
  7616efcd937ca8fd237f3afa86aea2294844d00cd1100b75660b4925ad88924b
- SHA512
  
  d6ee8ea621bd1a0de0046773459316eec5a4f04077f90002d48f997e64758cf6fea7d80e4e7337dc95a4827233f0da937fb9228d5a15867043d097ee73da6acf
- SSDEEP
  
  768:3Ta1PsXQ0yVmQvcs27NOJtyuv09gnoJCvcror:SsXQ0yVN2gV0Gno
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

behavioral2