systembc | c700525de4c86440dd87d3b66453796a7633d904000e88d937c908941f0b9a17 | Triage

Sharing

General

Target

aa6f1c111191b58f7c606f8b4493bd5c.exe
Size

2.2MB
Sample

230331-gqb75sab3y
MD5

aa6f1c111191b58f7c606f8b4493bd5c
SHA1

d8e6d1b8186ef7dda0a088fdc374f1370a77c091
SHA256

c700525de4c86440dd87d3b66453796a7633d904000e88d937c908941f0b9a17
SHA512

a1f8ea9c67164fed8677e4ab6a400da68bade9ade6b1f4c35b0c5b46f5f4b5f7e9d4de364223b1f0348e5be9cc875c4c8c4af4a07afbedc0b073ae469d7bb534
SSDEEP

24576:fzloknFW3cOAgWEUnqVzvXDpsTQmsQ/nK+TfgM7L/wLx4l2f+dlUoXVq:fz+knFW1aqVzfDEjSY

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

89.22.225.242:4193

195.2.93.22:4193

Targets

- Target
  
  aa6f1c111191b58f7c606f8b4493bd5c.exe
- Size
  
  2.2MB
- MD5
  
  aa6f1c111191b58f7c606f8b4493bd5c
- SHA1
  
  d8e6d1b8186ef7dda0a088fdc374f1370a77c091
- SHA256
  
  c700525de4c86440dd87d3b66453796a7633d904000e88d937c908941f0b9a17
- SHA512
  
  a1f8ea9c67164fed8677e4ab6a400da68bade9ade6b1f4c35b0c5b46f5f4b5f7e9d4de364223b1f0348e5be9cc875c4c8c4af4a07afbedc0b073ae469d7bb534
- SSDEEP
  
  24576:fzloknFW3cOAgWEUnqVzvXDpsTQmsQ/nK+TfgM7L/wLx4l2f+dlUoXVq:fz+knFW1aqVzfDEjSY
Score

10^/10

systembc persistence trojan
- Modifies WinLogon for persistence
  persistence
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Winlogon Helper DLL

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

systembcpersistencetrojan