systembc | 3c94a2599ff2c5b3103ac608e578a7ee477527097cd19e0f1e64d38d5366eae1 | Triage

Sharing

General

Target

3c94a2599ff2c5b3103ac608e578a7ee477527097cd19e0f1e64d38d5366eae1exe_JC.exe
Size

563KB
Sample

230804-rr72bacd9t
MD5

6ea1172020965edb4537d792d9708895
SHA1

3172fde93fdda132c70993e38d323e81dc2a1574
SHA256

3c94a2599ff2c5b3103ac608e578a7ee477527097cd19e0f1e64d38d5366eae1
SHA512

3e09f7dd203017ef1e7c32e91e3f434602199ddcbd662e9fc998d7e47a5540f823e93f47ede04052645aaddcab0a6ae38613ac5ccc640b22edcb5e6a951361a2
SSDEEP

6144:xKYFmTP4ym4mEca4GtqLA3/3E3I4CmV9X1edcqeofiaO5kkRgVY2t6ta:YYqmERtq0vE3Ixm9UfP/5tW

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

kmstat95dx.xyz:4044

kmstat355mx.xyz:4044

Targets

- Target
  
  3c94a2599ff2c5b3103ac608e578a7ee477527097cd19e0f1e64d38d5366eae1exe_JC.exe
- Size
  
  563KB
- MD5
  
  6ea1172020965edb4537d792d9708895
- SHA1
  
  3172fde93fdda132c70993e38d323e81dc2a1574
- SHA256
  
  3c94a2599ff2c5b3103ac608e578a7ee477527097cd19e0f1e64d38d5366eae1
- SHA512
  
  3e09f7dd203017ef1e7c32e91e3f434602199ddcbd662e9fc998d7e47a5540f823e93f47ede04052645aaddcab0a6ae38613ac5ccc640b22edcb5e6a951361a2
- SSDEEP
  
  6144:xKYFmTP4ym4mEca4GtqLA3/3E3I4CmV9X1edcqeofiaO5kkRgVY2t6ta:YYqmERtq0vE3Ixm9UfP/5tW
Score

10^/10

systembc persistence trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

systembcpersistencetrojan