systembc | dc23e92b35cd9ceb3e8adc91a4492facfd66d65f72967ba69c57f17470f9b66f | Triage

Sharing

General

Target

4b8b7e4c7b2aed6c3c67b3d5678f6440.exe
Size

106KB
Sample

230206-kvbzqach68
MD5

4b8b7e4c7b2aed6c3c67b3d5678f6440
SHA1

33097d2c883f7e8248c70876cfd6c77b36a1622a
SHA256

dc23e92b35cd9ceb3e8adc91a4492facfd66d65f72967ba69c57f17470f9b66f
SHA512

51d09f79f1d3fbff711bcb99df119f625bbe2d28be99de2555dc374074b64218be8b536da96047b60449a0a7f67932e27894fa1b3ce0fb6efeadd0234e7203e6
SSDEEP

1536:8++5Uk52zLQTDgoYjylkKKPv9AmIBIZigwp6OGWVVpOJV1U5uHk0UgYc5:8zqk5ELAD4yuK52ZEp6OGA+bU5DJc5

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

sdadvert197.com:4044

mexstat128.com:4044

Targets

- Target
  
  4b8b7e4c7b2aed6c3c67b3d5678f6440.exe
- Size
  
  106KB
- MD5
  
  4b8b7e4c7b2aed6c3c67b3d5678f6440
- SHA1
  
  33097d2c883f7e8248c70876cfd6c77b36a1622a
- SHA256
  
  dc23e92b35cd9ceb3e8adc91a4492facfd66d65f72967ba69c57f17470f9b66f
- SHA512
  
  51d09f79f1d3fbff711bcb99df119f625bbe2d28be99de2555dc374074b64218be8b536da96047b60449a0a7f67932e27894fa1b3ce0fb6efeadd0234e7203e6
- SSDEEP
  
  1536:8++5Uk52zLQTDgoYjylkKKPv9AmIBIZigwp6OGWVVpOJV1U5uHk0UgYc5:8zqk5ELAD4yuK52ZEp6OGA+bU5DJc5
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2