Overview

overview

10

Static

static

3

02696699.exe

windows7-x64

10

02696699.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02696699.exe

  • Size

    923KB

  • Sample

    230612-ns2n5sbh33

  • MD5

    0c0827b80b8450ed442d0a5afbc1324c

  • SHA1

    f212fc466d539f1b327e0f23269c4d2818e9bbfb

  • SHA256

    96bb40eaf29d3619c016a62e397e02761e898f342ab4dfdb52232ceddc13846a

  • SHA512

    75df0198b67109a5443c06e63c9ef145ae343c7519c9e2a4b7a06ddaf880c95a725ba223e2f183d52ee13f70c9a599e2b2ac2bcbc3d0510a4ef11941d7af118c

  • SSDEEP

    6144:zuK8X8DB2w0M4/Pwj33eCWhBZMZ0AO5Z1YS:zgXWB0V/Pwj6LY

Score
10/10
systembcpersistencetrojan

Malware Config

Extracted

Family

systembc

C2

5.42.95.122:4308

194.87.111.29:4308

Targets

    • Target

      02696699.exe

    • Size

      923KB

    • MD5

      0c0827b80b8450ed442d0a5afbc1324c

    • SHA1

      f212fc466d539f1b327e0f23269c4d2818e9bbfb

    • SHA256

      96bb40eaf29d3619c016a62e397e02761e898f342ab4dfdb52232ceddc13846a

    • SHA512

      75df0198b67109a5443c06e63c9ef145ae343c7519c9e2a4b7a06ddaf880c95a725ba223e2f183d52ee13f70c9a599e2b2ac2bcbc3d0510a4ef11941d7af118c

    • SSDEEP

      6144:zuK8X8DB2w0M4/Pwj33eCWhBZMZ0AO5Z1YS:zgXWB0V/Pwj6LY

    Score
    10/10
    systembcpersistencetrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks