systembc

Sharing

Copy URL

Twitter E-mail

General

Target

07102023_1339_samples_part00.zip
Size

1.2MB
Sample

231007-gb9j4ahd3v
MD5

f43927c3be5cad9523d8dab422f09ce2
SHA1

8d11c3e4be81df538401518bb679f3ddf4982ceb
SHA256

922ceb1d012920ad840955075cde0d92829d179d67e7116ebb97b61214d1b537
SHA512

650b83cc318c5c68b0a42c920b05b444991ebfbce73a66b2205ba39ea45134bef8cfc70d98f735553b66ad2fb6b5a286b587df5d77a99b282e3d4d7402d59f1d
SSDEEP

24576:y5HwQF5zbL/HtFuL+lGwp3WbTtGX9IqMjOLbCT0DR5eD0n:6QC1THtgL58WqMjOLT/rn

Score

10^/10

Malware Config

Extracted

Family

systembc

93.115.28.138:443

192.168.1.28:443

162.33.179.100:443

45.91.203.197:443

45.147.231.86:4254

146.70.53.169:4254

Targets

- Target
  
  0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557.bin
- Size
  
  1.0MB
- MD5
  
  17fc1332bb8885026657c75511954e07
- SHA1
  
  9ebbd2f605e5d470db176376928b47940afc1565
- SHA256
  
  0229b0ed2674e64d663aadcd2d289315b73b14b43b35101ff4fd69456b7c5557
- SHA512
  
  0c38b4af0630d9d25aadb653aa9923b751852084db41002c3c78f6aa52a9fe77483237161f7f335ed49679e38007807cf6733a015da4c30824c069910e0061c1
- SSDEEP
  
  24576:fsCTOsw3FBos9fcWKV7lI93TaSUk5wHocSRTIJCHXjqCrD:ftoK4vuy3Tz2IcuTmC3/
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
behavioral1 behavioral2
- Target
  
  048b7d11768267d538ae8066805e65a387d52c90ecfd929f695866120e853904.bin
- Size
  
  246KB
- MD5
  
  97c63287dccb656315141f20f5a45b8f
- SHA1
  
  8b2fb42275776d7dabd55e1b96ff82f394defe09
- SHA256
  
  048b7d11768267d538ae8066805e65a387d52c90ecfd929f695866120e853904
- SHA512
  
  314eba2deaba3643871d745960e15d74604605bd97c1b6f33b86b256c7ce5742e42eb84b724e2df3284de779677aba68add7ca294eb946d85cc3ea7c51b17a48
- SSDEEP
  
  6144:1DrlZz/NwysubrnBp/RCFmaaVHEuQJJ+tMdZVHHB5Y:llF/NbLrPRCFQH0Jw/
Score

10^/10

systembc persistence trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Adds Run key to start application
  persistence
behavioral3 behavioral4
- Target
  
  0f9f03bf486e3823a6ad596d4c1bd707fe19031acc0d17a3138409c8f3ee89ae.bin
- Size
  
  275KB
- MD5
  
  218976414ca64c87d927e0e02e928228
- SHA1
  
  d7cfb79d350bb5b13ec78a8b34a9cc2f05eabf93
- SHA256
  
  0f9f03bf486e3823a6ad596d4c1bd707fe19031acc0d17a3138409c8f3ee89ae
- SHA512
  
  e52af220c6339722a0f520ba42646a18ec1911f7c4bfcf9043eae74c2e5f95a77bdd683010cf1a6378eac0e49312bb1a2e70ffa5e5082c1572a0a29454008af0
- SSDEEP
  
  6144:DpjrIOKLD/HU9SNqvkCGY0GG9dY5zbmIc+8aSVj2e:1jreLTHq6qvkCGY0GG9dubm5+8Vjz
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
behavioral5 behavioral6
- Target
  
  13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b.bin
- Size
  
  24KB
- MD5
  
  ee7c5c5b5fa637c13b2ed660528bb583
- SHA1
  
  9447c3610fed636e994b59c44ae64afc180d0d7f
- SHA256
  
  13047f8cb7277ad8c1daa6f32cf4ae8029fb6ae9f839ed92d4cae12285ed366b
- SHA512
  
  92fde50e27ec7281183ed178b78e5fb98491a13bea43ec3ea068ab3c714217582e19207c929889e98c48fe19b53b7a1fc2ebcf355cd957158930151813cb2a3f
- SSDEEP
  
  96:kscmO8QYts4D6x7Aa4Gn8Vk/MM4odWLqJBDeoUy7fZd9yxcEf92al+gEc:kbT8tdOxMa4a/Zbdfrdf0lAal+L
Score

1^/10
behavioral7 behavioral8
- Target
  
  13c6577c68731d9e93655897eecd39234af0eee76ba36844c8e57421c7a191d4.bin
- Size
  
  347KB
- MD5
  
  960f9112b687fc805cc7d6483ec60a14
- SHA1
  
  a4f965d227bdc79f49e09172f27e4e647e065a05
- SHA256
  
  13c6577c68731d9e93655897eecd39234af0eee76ba36844c8e57421c7a191d4
- SHA512
  
  a1b8ef63d87f6a41627258297ab8da91e4d7efafb83220d03ce8046c7142c641f14e118483652a830b44c441af4eba668352860eae51994efff9fed84c13de57
- SSDEEP
  
  6144:5kO+mGx363FXS+3oYU9IML4ChRJX6Tf1AR+O+v0NaRH:5pcRkFih9IMkC9qxr0NC
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral10 behavioral9

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

SystemBC

Adds Run key to start application

SystemBC

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10