systembc | a2bf4098b65e0efb8bc9cba70cfb5e36d01de5f591d100bb429a5dc3ef6c3bc3 | Triage

Sharing

General

Target

b1d156c496219977a9cd4355094613f5.exe
Size

1.1MB
Sample

230411-k42lqsdb7z
MD5

b1d156c496219977a9cd4355094613f5
SHA1

2f0476f22e05455ff4e56171438d16ff87291ea5
SHA256

a2bf4098b65e0efb8bc9cba70cfb5e36d01de5f591d100bb429a5dc3ef6c3bc3
SHA512

cf2b36778aa5a54b082de89b9e0e4404e00cf634ba9d7cfe8a8f21a8a39be0787a042328688af18f6fe6a144d869a73100267e1301cfbbd0701c7c3595dc81cc
SSDEEP

24576:kob9rHzThqel1mK5XJent7IL+PYL65XPr5JfQZZ0WgisS:kE9TTRlvS5YL6ptJfQZiWg3S

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

45.138.74.200:4001

212.8.244.5:4001

Targets

- Target
  
  b1d156c496219977a9cd4355094613f5.exe
- Size
  
  1.1MB
- MD5
  
  b1d156c496219977a9cd4355094613f5
- SHA1
  
  2f0476f22e05455ff4e56171438d16ff87291ea5
- SHA256
  
  a2bf4098b65e0efb8bc9cba70cfb5e36d01de5f591d100bb429a5dc3ef6c3bc3
- SHA512
  
  cf2b36778aa5a54b082de89b9e0e4404e00cf634ba9d7cfe8a8f21a8a39be0787a042328688af18f6fe6a144d869a73100267e1301cfbbd0701c7c3595dc81cc
- SSDEEP
  
  24576:kob9rHzThqel1mK5XJent7IL+PYL65XPr5JfQZZ0WgisS:kE9TTRlvS5YL6ptJfQZiWg3S
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2