systembc | c9c5581052462560bfe4587156b906c309ab10b19c5fe005a064384593609901 | Triage

Sharing

General

Target

AppInstaIIer.exe
Size

34.7MB
Sample

230721-kq91ysdh3y
MD5

79e7fd3f75d702060da1bce9fffc1db2
SHA1

308a13aa1d631fdf862c28184f5c4892a50427e4
SHA256

c9c5581052462560bfe4587156b906c309ab10b19c5fe005a064384593609901
SHA512

b6cda84590cf6ad44bb6e5a7750a886cc6a48395eb834f47144c6ee7b076b891154b68f5fea7d3c6b8cfb9521fcb494eddb2c6ca676f985be407c49f9857f32b
SSDEEP

786432:G7dVMxn9bYyICJVmqPt0+nNICoie+MqNOym5v:GQnGBentbnd0/v

Score

10^/10

systembc vidar https://t.me/jsvbdyufwibascq persistence spyware stealer trojan

Malware Config

Extracted

Family

vidar

Version

4.8

Botnet

https://t.me/jsvbdyufwibascq

C2

https://t.me/jsvbdyufwibascq

https://t.me/sundayevent

https://steamcommunity.com/profiles/76561198982268531

Attributes

profile_id_v2
https://t.me/jsvbdyufwibascq
user_agent
Mozilla/5.0 (X11; Linux 3.5.4-1-ARCH i686; es) KHTML/4.9.1 (like Gecko) Konqueror/4.9

Extracted

Family

systembc

C2

91.103.252.89:4317

91.103.252.57:4317

Targets

- Target
  
  AppInstaIIer.exe
- Size
  
  34.7MB
- MD5
  
  79e7fd3f75d702060da1bce9fffc1db2
- SHA1
  
  308a13aa1d631fdf862c28184f5c4892a50427e4
- SHA256
  
  c9c5581052462560bfe4587156b906c309ab10b19c5fe005a064384593609901
- SHA512
  
  b6cda84590cf6ad44bb6e5a7750a886cc6a48395eb834f47144c6ee7b076b891154b68f5fea7d3c6b8cfb9521fcb494eddb2c6ca676f985be407c49f9857f32b
- SSDEEP
  
  786432:G7dVMxn9bYyICJVmqPt0+nNICoie+MqNOym5v:GQnGBentbnd0/v
Score

10^/10

systembc vidar https://t.me/jsvbdyufwibascq persistence spyware stealer trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Vidar
  Vidar is an infostealer based on Arkei stealer.
  stealer vidar
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses 2FA software files, possible credential harvesting
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcvidarhttps://t.me/jsvbdyufwibascqpersistencespywarestealertrojan