systembc | af1679585c261a5a4490b7848e65d45b6bc030fa124e75cccc2ac28e615d041e | Triage

Sharing

General

Target

af1679585c261a5a4490b7848e65d45b6bc030fa124e75cccc2ac28e615d041e
Size

5.5MB
Sample

230507-gf7w3adf84
MD5

c48a400ccdb846dfeecdb8564ed29e6a
SHA1

a534f99c56d321e2b4cb111e5afbe38ee4dd2fd4
SHA256

af1679585c261a5a4490b7848e65d45b6bc030fa124e75cccc2ac28e615d041e
SHA512

7c97935c18cf8bdb575d210b13ebc204c81b60b05036da6bbd3bf755d7a1277fe3e9012977a6d5f4573b52e2b0963c6364f56d0a2092f84909e51883ec02383b
SSDEEP

98304:097RqNuY64Jd70rj4uJUDFsPDDLuTw/mH8JVOYN8G3fPBuY5VGfiVC2jyi/HKqP6:+sNukdU4QN/mcJPVBuMAKsgqqP54

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

5.45.73.25:4246

poolsforyour.com:4246

Targets

- Target
  
  af1679585c261a5a4490b7848e65d45b6bc030fa124e75cccc2ac28e615d041e
- Size
  
  5.5MB
- MD5
  
  c48a400ccdb846dfeecdb8564ed29e6a
- SHA1
  
  a534f99c56d321e2b4cb111e5afbe38ee4dd2fd4
- SHA256
  
  af1679585c261a5a4490b7848e65d45b6bc030fa124e75cccc2ac28e615d041e
- SHA512
  
  7c97935c18cf8bdb575d210b13ebc204c81b60b05036da6bbd3bf755d7a1277fe3e9012977a6d5f4573b52e2b0963c6364f56d0a2092f84909e51883ec02383b
- SSDEEP
  
  98304:097RqNuY64Jd70rj4uJUDFsPDDLuTw/mH8JVOYN8G3fPBuY5VGfiVC2jyi/HKqP6:+sNukdU4QN/mcJPVBuMAKsgqqP54
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2