systembc | f65e2dbbc8e81378ad58cef8cfd831dd0ae44be6333bdaf6a84b6f7136338729 | Triage

Sharing

General

Target

f65e2dbbc8e81378ad58cef8cfd831dd0ae44be6333bdaf6a84b6f7136338729
Size

6.6MB
Sample

230307-2dv5psce46
MD5

d086940618bcc604f2d17c141f47ae49
SHA1

0efa810ab7e78a1ddf00cd3d2abd43b9be2eb837
SHA256

f65e2dbbc8e81378ad58cef8cfd831dd0ae44be6333bdaf6a84b6f7136338729
SHA512

9e4e02bb56580bb55a208f68204860fe64617537b4450cc5b513c14cacec17ca80a58f432a98c4a9bf2d38014c4826e6e17a5cf919638ac2e4bc823507af2e04
SSDEEP

196608:O3mUa51xxehaJ9a1m2asYgqnsKmQUcuJOkoDCNztN:O233xxEaLOYnsKmxQpE3

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

79.137.203.32:4289

194.87.111.29:4289

Targets

- Target
  
  f65e2dbbc8e81378ad58cef8cfd831dd0ae44be6333bdaf6a84b6f7136338729
- Size
  
  6.6MB
- MD5
  
  d086940618bcc604f2d17c141f47ae49
- SHA1
  
  0efa810ab7e78a1ddf00cd3d2abd43b9be2eb837
- SHA256
  
  f65e2dbbc8e81378ad58cef8cfd831dd0ae44be6333bdaf6a84b6f7136338729
- SHA512
  
  9e4e02bb56580bb55a208f68204860fe64617537b4450cc5b513c14cacec17ca80a58f432a98c4a9bf2d38014c4826e6e17a5cf919638ac2e4bc823507af2e04
- SSDEEP
  
  196608:O3mUa51xxehaJ9a1m2asYgqnsKmQUcuJOkoDCNztN:O233xxEaLOYnsKmxQpE3
Score

10^/10

systembc persistence trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Adds Run key to start application
  persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcpersistencetrojan

behavioral2

systembcpersistencetrojan