General

  • Target

    adobe.exe

  • Size

    475.6MB

  • Sample

    230313-k2s7ksbe9x

  • MD5

    3450e33a31a58590b7b0f76d95f1c15b

  • SHA1

    ee672c96f12484c3dae64fd964a4427b3cc6565b

  • SHA256

    2ba9e1fa5bac1c4ff40a3d1301e730cff2007f7bbec73997b60b679c46f304de

  • SHA512

    fa3558fce1eb2549586477f080ed3f1dcc730c6d30eb9fc10c1a9b7c67ab8c906f245618855711fa26ed41216a8863f348d75af24fe8dbf5783508ac5013efa7

  • SSDEEP

    49152:ZC6nMrcpEgloAXxQ8+vHe1NkQLUEHgnpY:ZNBjloAhR+/m+Ugn
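Before analysing a copy of this sample it is worth confirming that the file on disk is the same object the report describes. The following script is an added example (it is not part of the sandbox report and not the sandbox's own tooling): it streams the file once, computes the four exact digests listed above, and reports any mismatch against the report's values. ssdeep is left out because it needs an external library and is a similarity digest rather than an exact match. The `hash_bytes`/`verify_bytes` helpers and the 1 MiB chunk size are assumptions made for this example.

```python
# Added example (not from the sandbox report): verify a local copy of the
# sample against the report's hashes in a single streamed pass.
import hashlib
import io

# Exact hashes copied from the report's "General" section for adobe.exe.
REPORT_HASHES = {
    "md5": "3450e33a31a58590b7b0f76d95f1c15b",
    "sha1": "ee672c96f12484c3dae64fd964a4427b3cc6565b",
    "sha256": "2ba9e1fa5bac1c4ff40a3d1301e730cff2007f7bbec73997b60b679c46f304de",
    "sha512": "fa3558fce1eb2549586477f080ed3f1dcc730c6d30eb9fc10c1a9b7c67ab8c90"
              "6f245618855711fa26ed41216a8863f348d75af24fe8dbf5783508ac5013efa7",
}


def multi_hash(stream, chunk_size=1 << 20):
    """Return {algo: hexdigest, "size": bytes} for every algorithm in
    REPORT_HASHES, reading the stream once in chunks so that a file of
    several hundred MB is never loaded into memory at once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    size = 0
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        size += len(chunk)
        for h in hashers.values():
            h.update(chunk)
    digests = {name: h.hexdigest() for name, h in hashers.items()}
    digests["size"] = size
    return digests


def hash_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper (assumed helper) for hashing an in-memory buffer."""
    return multi_hash(io.BytesIO(data), chunk_size)


def verify_stream(stream, expected=REPORT_HASHES):
    """Compare a stream's digests with the expected set.
    Returns (ok, mismatches) where mismatches maps algorithm -> (expected, actual)."""
    actual = multi_hash(stream)
    mismatches = {
        name: (want.lower(), actual[name])
        for name, want in expected.items()
        if actual[name] != want.lower()
    }
    return (not mismatches), mismatches


def verify_bytes(data, expected=REPORT_HASHES):
    """Assumed helper: verify an in-memory buffer."""
    return verify_stream(io.BytesIO(data), expected)


def verify_file(path, expected=REPORT_HASHES):
    """Verify a file on disk against the report's hashes."""
    with open(path, "rb") as f:
        return verify_stream(f, expected)


if __name__ == "__main__":
    import sys
    ok, bad = verify_file(sys.argv[1])
    print("MATCH" if ok else "MISMATCH", bad)
```

Run it as `python verify_sample.py adobe.exe`; any algorithm whose digest differs is listed with the expected and observed values, so a truncated download or a re-packed variant is caught before analysis starts.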

Score
10/10

Malware Config

Extracted

Family

systembc

C2

45.138.74.200:4001

212.8.244.5:4001
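The two extracted C2 endpoints are the most directly actionable indicators on this page. The script below is an added example (not part of the sandbox report and not the sandbox's own code) that matches them against connection-log records and groups the hits by internal source host so an analyst can see which machines need containment. The log format (whitespace-separated `ts src_ip src_port dst_ip dst_port proto`) and the sample records are constructed for this example; adapt `parse_conn_line` to the field order of your own Zeek, firewall or NetFlow export.

```python
# Added example (not from the sandbox report): match the SystemBC C2 endpoints
# extracted by the sandbox against connection-log records.
import ipaddress
from collections import defaultdict

# C2 endpoints copied from the report's "Malware Config" section.
SYSTEMBC_C2 = {
    ("45.138.74.200", 4001),
    ("212.8.244.5", 4001),
}

# Constructed sample records (not real traffic). Fields, whitespace-separated:
# ts  src_ip  src_port  dst_ip  dst_port  proto
SAMPLE_CONN_LOG = """\
1678700001.10 10.0.0.15 51234 45.138.74.200 4001 tcp
1678700002.40 10.0.0.15 51235 142.250.74.46 443 tcp
1678700061.12 10.0.0.15 51240 45.138.74.200 4001 tcp
1678700120.98 10.0.0.23 49871 212.8.244.5 4001 tcp
1678700130.00 10.0.0.42 40000 10.0.0.1 53 udp
1678700181.07 10.0.0.15 51250 45.138.74.200 4001 tcp
"""


def parse_conn_line(line):
    """Parse one record into a dict; return None for blank or malformed lines
    so a single bad row does not abort a scan of a large log."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, sport, dst, dport, proto = parts
    try:
        return {
            "ts": float(ts),
            "src": str(ipaddress.ip_address(src)),
            "sport": int(sport),
            "dst": str(ipaddress.ip_address(dst)),
            "dport": int(dport),
            "proto": proto.lower(),
        }
    except ValueError:
        return None


def find_c2_hits(log_text, c2=SYSTEMBC_C2):
    """Return every record whose (dst_ip, dst_port) is a known C2 endpoint.
    Matching on the IP:port pair, not the IP alone, keeps the hit list tight
    if the same address also hosts unrelated services."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_conn_line(line)
        if rec and (rec["dst"], rec["dport"]) in c2:
            hits.append(rec)
    return hits


def summarize_by_source(hits):
    """Group hits per internal host: connection count, the C2 endpoints it
    reached, and the first/last timestamps (useful for scoping a timeline)."""
    summary = defaultdict(lambda: {"count": 0, "c2": set(), "first": None, "last": None})
    for rec in hits:
        s = summary[rec["src"]]
        s["count"] += 1
        s["c2"].add(f'{rec["dst"]}:{rec["dport"]}')
        s["first"] = rec["ts"] if s["first"] is None else min(s["first"], rec["ts"])
        s["last"] = rec["ts"] if s["last"] is None else max(s["last"], rec["ts"])
    return dict(summary)


if __name__ == "__main__":
    for host, info in summarize_by_source(find_c2_hits(SAMPLE_CONN_LOG)).items():
        print(host, info["count"], sorted(info["c2"]), info["first"], info["last"])
```

On the constructed log this flags 10.0.0.15 (three connections to 45.138.74.200:4001, roughly a minute apart) and 10.0.0.23 (one connection to 212.8.244.5:4001); the DNS and HTTPS rows are ignored. Port 4001 alone is not a strong indicator, so this example deliberately does not alert on the port without the address.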

Targets

    • Target

      adobe.exe
    Score
    10/10
    • SystemBC

      SystemBC is a SOCKS5 proxy and remote administration tool first seen in 2019; it is typically deployed to tunnel operator traffic through the infected host and to fetch and run further payloads.

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check (the sample may refuse to run in certain locales).

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                  Technique                      ID      Count
  Execution               Scheduled Task                 T1053   1
  Persistence             Scheduled Task                 T1053   1
  Privilege Escalation    Scheduled Task                 T1053   1
  Discovery               Query Registry                 T1012   1
  Discovery               System Information Discovery   T1082   2
  Discovery               Remote System Discovery        T1018   1

  Count is the number of matching signature hits in this run. IDs follow ATT&CK v6; in current ATT&CK versions the Scheduled Task technique is the sub-technique T1053.005.

Tasks