Overview

overview

10

Static

static

1

b05920b00f...66.exe

windows7-x64

10

b05920b00f...66.exe

windows10-1703-x64

10

b05920b00f...66.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

  • Size

    944KB

  • Sample

    230303-qakc9ahe68

  • MD5

    c962299aa7f1294524a03cb2c7925f14

  • SHA1

    2c3a73a02cf691248c5ecaa1d2111f9b0c197713

  • SHA256

    b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

  • SHA512

    9dd66ddce441cb20ca296ddc9ba9023c397ef27ca6974fec8f6bd5e0b12167154f91606a1216bc745d7aa8babcf1677c005120b8c56bb4ab8583a3a796f19d7b

  • SSDEEP

    24576:K5VTOzE3lI8hzkn1L2eEFk/6cXJ/dEI56q2A/Te:IcE1rzk1ahFYXJl75h1/T

Score
10/10
systembcpersistencetrojan

Malware Config

Extracted

Family

systembc

C2

31.222.238.58:4280

192.168.1.28:4280

Targets

    • Target

      b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

    • Size

      944KB

    • MD5

      c962299aa7f1294524a03cb2c7925f14

    • SHA1

      2c3a73a02cf691248c5ecaa1d2111f9b0c197713

    • SHA256

      b05920b00f2252b5060c6a6b0dbe4df78973754a8044598c65fc7ad60b498e66

    • SHA512

      9dd66ddce441cb20ca296ddc9ba9023c397ef27ca6974fec8f6bd5e0b12167154f91606a1216bc745d7aa8babcf1677c005120b8c56bb4ab8583a3a796f19d7b

    • SSDEEP

      24576:K5VTOzE3lI8hzkn1L2eEFk/6cXJ/dEI56q2A/Te:IcE1rzk1ahFYXJl75h1/T

    Score
    10/10
    systembcpersistencetrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks