systembc | 1dc9a3c5d28e2e20b5bbbfd229a356ec88364280fa19ecdf0882a9533e7de3b3 | Triage

Sharing

General

Target

cc4f80bbbd81cf14599c74e9f8e970ac.exe
Size

150KB
Sample

230402-jm4jbsfc63
MD5

cc4f80bbbd81cf14599c74e9f8e970ac
SHA1

c73b8e764bd16cc885143dee674a18ac98a1199c
SHA256

1dc9a3c5d28e2e20b5bbbfd229a356ec88364280fa19ecdf0882a9533e7de3b3
SHA512

74beb8e33636186fec989c47e7a91f6d1a33acf450557bf1188b4160b841ededed890fb0ccbb04ffc80d4aecc463da4ac70e224b2b4e762eaa5520003f7cfd5a
SSDEEP

3072:v/0zSzwIPgTY2nTnIKAlrym0jzGtnOfLn6bdVsPH6:HJXPPAIKPmIgOzn6bkf6

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

89.203.249.203:4035

gamelom20.com:4035

Targets

- Target
  
  cc4f80bbbd81cf14599c74e9f8e970ac.exe
- Size
  
  150KB
- MD5
  
  cc4f80bbbd81cf14599c74e9f8e970ac
- SHA1
  
  c73b8e764bd16cc885143dee674a18ac98a1199c
- SHA256
  
  1dc9a3c5d28e2e20b5bbbfd229a356ec88364280fa19ecdf0882a9533e7de3b3
- SHA512
  
  74beb8e33636186fec989c47e7a91f6d1a33acf450557bf1188b4160b841ededed890fb0ccbb04ffc80d4aecc463da4ac70e224b2b4e762eaa5520003f7cfd5a
- SSDEEP
  
  3072:v/0zSzwIPgTY2nTnIKAlrym0jzGtnOfLn6bdVsPH6:HJXPPAIKPmIgOzn6bkf6
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Connection Proxy

Impact

Tasks

static1

behavioral1

behavioral2