systembc | 96bb40eaf29d3619c016a62e397e02761e898f342ab4dfdb52232ceddc13846a | Triage

Sharing

General

Target

02696699.exe
Size

923KB
Sample

230612-ns2n5sbh33
MD5

0c0827b80b8450ed442d0a5afbc1324c
SHA1

f212fc466d539f1b327e0f23269c4d2818e9bbfb
SHA256

96bb40eaf29d3619c016a62e397e02761e898f342ab4dfdb52232ceddc13846a
SHA512

75df0198b67109a5443c06e63c9ef145ae343c7519c9e2a4b7a06ddaf880c95a725ba223e2f183d52ee13f70c9a599e2b2ac2bcbc3d0510a4ef11941d7af118c
SSDEEP

6144:zuK8X8DB2w0M4/Pwj33eCWhBZMZ0AO5Z1YS:zgXWB0V/Pwj6LY

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

5.42.95.122:4308

194.87.111.29:4308

Targets

- Target
  
  02696699.exe
- Size
  
  923KB
- MD5
  
  0c0827b80b8450ed442d0a5afbc1324c
- SHA1
  
  f212fc466d539f1b327e0f23269c4d2818e9bbfb
- SHA256
  
  96bb40eaf29d3619c016a62e397e02761e898f342ab4dfdb52232ceddc13846a
- SHA512
  
  75df0198b67109a5443c06e63c9ef145ae343c7519c9e2a4b7a06ddaf880c95a725ba223e2f183d52ee13f70c9a599e2b2ac2bcbc3d0510a4ef11941d7af118c
- SSDEEP
  
  6144:zuK8X8DB2w0M4/Pwj33eCWhBZMZ0AO5Z1YS:zgXWB0V/Pwj6LY
Score

10^/10

systembc persistence trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcpersistencetrojan

behavioral2

systembcpersistencetrojan