systembc | 7d63d4958a0b5973b9f5c788e694f4efd4e4ea5354eb4db8b14f9370678584ce | Triage

Sharing

General

Target

Quo_mox niquo niquopen quilo bom lekavasi.exe
Size

187.6MB
Sample

230224-n5rppsda8s
MD5

2e1d87536ff37b0c99eed77d1238f091
SHA1

6b0bfd18069d0074c9b8e33584c81e8a7af4edd3
SHA256

7d63d4958a0b5973b9f5c788e694f4efd4e4ea5354eb4db8b14f9370678584ce
SHA512

d1666a79007063804b2cb2ae4d6ace6f2059478d11893a8902989a417a9fac9fd693fd13cf60d17baa5bea87c2871d5f6f5c591e1d8b3fe69dbff44ab9f98522
SSDEEP

24576:v5ar505yClYM/gCHWxXDPy0cphuST/3PW1ucqqwje973dxu0yLCiXt9jTWcq/:v5ariy4YMexJZw/Iucdp3IbXtFT

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

45.147.197.24:4001

80.89.234.122:4001

Targets

- Target
  
  Quo_mox niquo niquopen quilo bom lekavasi.exe
- Size
  
  187.6MB
- MD5
  
  2e1d87536ff37b0c99eed77d1238f091
- SHA1
  
  6b0bfd18069d0074c9b8e33584c81e8a7af4edd3
- SHA256
  
  7d63d4958a0b5973b9f5c788e694f4efd4e4ea5354eb4db8b14f9370678584ce
- SHA512
  
  d1666a79007063804b2cb2ae4d6ace6f2059478d11893a8902989a417a9fac9fd693fd13cf60d17baa5bea87c2871d5f6f5c591e1d8b3fe69dbff44ab9f98522
- SSDEEP
  
  24576:v5ar505yClYM/gCHWxXDPy0cphuST/3PW1ucqqwje973dxu0yLCiXt9jTWcq/:v5ariy4YMexJZw/Iucdp3IbXtFT
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1