systembc | 40293bf72b77c294924a419c1bef6a227ba280a7610ef7276ca0a4f31e2d3b6c | Triage

Sharing

General

Target

40293bf72b77c294924a419c1bef6a227ba280a7610ef7276ca0a4f31e2d3b6c
Size

4.1MB
Sample

230722-14lhhsch61
MD5

bfaf9b1bbefa0dcf2333437f69b1ab98
SHA1

d1f5eb29d46d6480d28460dccc5158eb5a006336
SHA256

40293bf72b77c294924a419c1bef6a227ba280a7610ef7276ca0a4f31e2d3b6c
SHA512

f4ef55c35136152837cd366c1dcecbb1046d5ca0ff74c88367c9cdb594a8fe106d68dec30793c5979d3da5940e1858f25dca962af65a0e8a9d426eaa2099845f
SSDEEP

6144:sB5f3YwKrMducTng1RxdBNE8ZOoXzeprQoXwg4kVUm+vL1kXwT/vEVqlKh:If3zKrMduNndr3zDepGkVwvhHXEVA0

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

91.103.252.89:4317

91.103.252.57:4317

Targets

- Target
  
  40293bf72b77c294924a419c1bef6a227ba280a7610ef7276ca0a4f31e2d3b6c
- Size
  
  4.1MB
- MD5
  
  bfaf9b1bbefa0dcf2333437f69b1ab98
- SHA1
  
  d1f5eb29d46d6480d28460dccc5158eb5a006336
- SHA256
  
  40293bf72b77c294924a419c1bef6a227ba280a7610ef7276ca0a4f31e2d3b6c
- SHA512
  
  f4ef55c35136152837cd366c1dcecbb1046d5ca0ff74c88367c9cdb594a8fe106d68dec30793c5979d3da5940e1858f25dca962af65a0e8a9d426eaa2099845f
- SSDEEP
  
  6144:sB5f3YwKrMducTng1RxdBNE8ZOoXzeprQoXwg4kVUm+vL1kXwT/vEVqlKh:If3zKrMduNndr3zDepGkVwvhHXEVA0
Score

10^/10

systembc persistence trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

systembcpersistencetrojan

behavioral2

systembcpersistencetrojan