systembc | 23f66ece38393f81fc1f892c9243cebb6e5412b95629cc07fa83065f5b5a3e02 | Triage

Sharing

General

Target

40753d4f4ba5863be3aaaa38cd50995a.exe
Size

114KB
Sample

230208-xr3z9adh5z
MD5

40753d4f4ba5863be3aaaa38cd50995a
SHA1

cb58f6a57ecd27e7380e0f38dedb621d7d161e19
SHA256

23f66ece38393f81fc1f892c9243cebb6e5412b95629cc07fa83065f5b5a3e02
SHA512

7a458e629b22a0d62b9b34df9e04e40eca88ebc8f4067f42f83a0a1d6812cf56635c3d17c48b5ef97ea900c439ab30d32c5307ce6bfee7842b2202e3e1a831ad
SSDEEP

1536:hGFLBB4S2zN22dyPPVHbPa3bjCY0X+9hGUhW5jSVM3JdT4AFuxbUS:hGFLBb2o+3CXXE1W520JdMAFuxbU

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

winstationsocks.com:4124

winstationsocks.xyz:4124

Targets

- Target
  
  40753d4f4ba5863be3aaaa38cd50995a.exe
- Size
  
  114KB
- MD5
  
  40753d4f4ba5863be3aaaa38cd50995a
- SHA1
  
  cb58f6a57ecd27e7380e0f38dedb621d7d161e19
- SHA256
  
  23f66ece38393f81fc1f892c9243cebb6e5412b95629cc07fa83065f5b5a3e02
- SHA512
  
  7a458e629b22a0d62b9b34df9e04e40eca88ebc8f4067f42f83a0a1d6812cf56635c3d17c48b5ef97ea900c439ab30d32c5307ce6bfee7842b2202e3e1a831ad
- SSDEEP
  
  1536:hGFLBB4S2zN22dyPPVHbPa3bjCY0X+9hGUhW5jSVM3JdT4AFuxbUS:hGFLBb2o+3CXXE1W520JdMAFuxbU
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

behavioral2