Overview

overview

10

Static

static

1

dumped.exe

windows7-x64

10

dumped.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dumped.bin

  • Size

    860KB

  • Sample

    230301-k5mtzafa9x

  • MD5

    e16b13843a4dd08c6821dd2cf5c294bf

  • SHA1

    c2fa411264141dbfc203af4c58e58be3c980597d

  • SHA256

    74f644570bfb9338824c6967401d64c4e8e2b078810102a6825e8849fd2d09a0

  • SHA512

    d9c84199cc8ae50829d5310f3ee755b2fc1155783e5deeb4572d9630b4ec9d8e24254cc062fadb302abdd4ac529faa4e8e51cbcb7b6f800edc87eb2137ce6946

  • SSDEEP

    24576:GwF0biOMSAIPqabkHJOAIAzWMCkPYz4+l9IjlWe1u1M:Ge0uO544Me

Score
10/10
systembcpersistencetrojan

Malware Config

Extracted

Family

systembc

C2

210.16.67.250:3000

192.168.1.28:3000

Targets

    • Target

      dumped.bin

    • Size

      860KB

    • MD5

      e16b13843a4dd08c6821dd2cf5c294bf

    • SHA1

      c2fa411264141dbfc203af4c58e58be3c980597d

    • SHA256

      74f644570bfb9338824c6967401d64c4e8e2b078810102a6825e8849fd2d09a0

    • SHA512

      d9c84199cc8ae50829d5310f3ee755b2fc1155783e5deeb4572d9630b4ec9d8e24254cc062fadb302abdd4ac529faa4e8e51cbcb7b6f800edc87eb2137ce6946

    • SSDEEP

      24576:GwF0biOMSAIPqabkHJOAIAzWMCkPYz4+l9IjlWe1u1M:Ge0uO544Me

    Score
    10/10
    systembcpersistencetrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks