systembc | 91eba91d8b9f359f751e25935401f51ee6f6fb49304263050690d5079475606e | Triage

Sharing

General

Target

e62582236c24973720e092adec05f8c5.bin
Size

97KB
Sample

230127-rtwq3abf56
MD5

b94116e3f5ae083a9201a8fe8b9d0111
SHA1

3b5467b0a77dc49b570fa7925c5a6663ec24b4ad
SHA256

91eba91d8b9f359f751e25935401f51ee6f6fb49304263050690d5079475606e
SHA512

ef94c173f8696cb9e14146656d3469528219cb33bf104d2da173740567ffe34e529e4337734c3b057cce367b1946070ed13b1bf9f7121bf780e22a40b0240d61
SSDEEP

1536:uyIMFVZI0K78Sjw+Sr44n1YuDclhBxEolXHEIlRWMPFqVW1e5uZ6OrnhXrSZrQD:hnXZIF7jI4sUOolXfRRPAl5I6Orh7SZg

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

advertrex20.xyz:4044

gentexman37.xyz:4044

Targets

- Target
  
  fb45af7bb8ffdcddaaec2a9e88968fbcb82eaedbdf1c16a7e9ac861906a07e23.exe
- Size
  
  156KB
- MD5
  
  e62582236c24973720e092adec05f8c5
- SHA1
  
  dc865394a456b89282bf248eeff3509ec0116911
- SHA256
  
  fb45af7bb8ffdcddaaec2a9e88968fbcb82eaedbdf1c16a7e9ac861906a07e23
- SHA512
  
  702960c841eec4c16d4b686c1cafe42d1568e3cde1aebca4c2feaef275dc9efd5dea8e6260d4a18f92d63640bd530ccb071de42a6511a7719fbbe7ee2b9bda2a
- SSDEEP
  
  3072:SXiOd5A7ENBKYEm9/1fUQcl7XcOOILUJC2PsrZLILNNOmr:SXiEA7EfKYE6RU1AnvspsP
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

behavioral2