systembc | 2227d5b2e2782a03bdb847a8ebf9ea40cc2c9f10f48385154c66ded1577b1deb | Triage

Sharing

General

Target

tmp
Size

2.4MB
Sample

230807-wjx9csab9x
MD5

82cf051811579ee4f1d9978af52f12db
SHA1

34122975ea9238001cb644955a1474f4d33f9e7b
SHA256

2227d5b2e2782a03bdb847a8ebf9ea40cc2c9f10f48385154c66ded1577b1deb
SHA512

1eb2df40b3e98a0289b2ccd51d0d0861c9e967220b745643210ecdda63e2aeebaf5940b2d0a319dd0ffc6754238aa0a897ee261d06528c645740082a07de3b73
SSDEEP

49152:M32RUvjn/TCGDQiMDpU/Sb8HDWSrbmnidPtrmEKhPlGRr4g0aQ7svt/:nyn/+GDhOcSb8HDhrK8rtGlGRr4+

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

ar.undata.cc:5320

ar1.undata.cc:5320

Targets

- Target
  
  tmp
- Size
  
  2.4MB
- MD5
  
  82cf051811579ee4f1d9978af52f12db
- SHA1
  
  34122975ea9238001cb644955a1474f4d33f9e7b
- SHA256
  
  2227d5b2e2782a03bdb847a8ebf9ea40cc2c9f10f48385154c66ded1577b1deb
- SHA512
  
  1eb2df40b3e98a0289b2ccd51d0d0861c9e967220b745643210ecdda63e2aeebaf5940b2d0a319dd0ffc6754238aa0a897ee261d06528c645740082a07de3b73
- SSDEEP
  
  49152:M32RUvjn/TCGDQiMDpU/Sb8HDWSrbmnidPtrmEKhPlGRr4g0aQ7svt/:nyn/+GDhOcSb8HDhrK8rtGlGRr4+
Score

10^/10

systembc trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2