Overview

overview

10

Static

static

3

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b399f768287de13f64a468c4b57e19f5867d29b9e8906d070844b430166ea92

  • Size

    4.8MB

  • Sample

    230720-d65b3sce72

  • MD5

    0b4e2d65448cb900ec1d64ea564de052

  • SHA1

    d1348e11bf46327def51ff5c892894f9cb66e501

  • SHA256

    8b399f768287de13f64a468c4b57e19f5867d29b9e8906d070844b430166ea92

  • SHA512

    ead754d3337b40f7fd2d5820e888112d37824523b2000f847ef805ae9fc1a519c11fbd7f8c5a108b6275479d78ac21ae7a517a79456e0f9ce9b22713deda5d46

  • SSDEEP

    12288:TeC3CZ/dn53l3lYZDGR2vK/BY3nLkpVpnG6kzD:i+m33l3lYZE2C/zG5

Score
10/10
systembcpersistencetrojan

Malware Config

Extracted

Family

systembc

C2

91.103.252.89:4317

91.103.252.57:4317

Targets

    • Target

      8b399f768287de13f64a468c4b57e19f5867d29b9e8906d070844b430166ea92

    • Size

      4.8MB

    • MD5

      0b4e2d65448cb900ec1d64ea564de052

    • SHA1

      d1348e11bf46327def51ff5c892894f9cb66e501

    • SHA256

      8b399f768287de13f64a468c4b57e19f5867d29b9e8906d070844b430166ea92

    • SHA512

      ead754d3337b40f7fd2d5820e888112d37824523b2000f847ef805ae9fc1a519c11fbd7f8c5a108b6275479d78ac21ae7a517a79456e0f9ce9b22713deda5d46

    • SSDEEP

      12288:TeC3CZ/dn53l3lYZDGR2vK/BY3nLkpVpnG6kzD:i+m33l3lYZE2C/zG5

    Score
    10/10
    systembcpersistencetrojan

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

      trojansystembc

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks