systembc | cb92d12ebe8e036b9ebd71dcc80f9187c13bd78ad7d6f4076159c053c4cab16f | Triage

Resubmissions

15/04/2024, 11:24

240415-nhn1asfe2w 10

10/04/2024, 03:17

240410-dth83sce74 10

10/04/2024, 03:17

240410-dtbh8sce69 10

10/04/2024, 03:17

240410-dtaxpsfh4v 10

10/04/2024, 03:17

240410-dtaa6sfh4t 10

19/12/2023, 17:59

231219-wkzhtabga4 10

Sharing

General

Target

7094b9e15f54e0a9619fe6073988ee5c
Size

209KB
Sample

240410-dtaxpsfh4v
MD5

7094b9e15f54e0a9619fe6073988ee5c
SHA1

5cdc7829d5acedb7f1344ff541a2f962f27f5b01
SHA256

cb92d12ebe8e036b9ebd71dcc80f9187c13bd78ad7d6f4076159c053c4cab16f
SHA512

d5b2d1550f9aa60f4d468150f12d57e37b4090e22277f90ed44962995da4815cc6089e0ee2d1af187bf4b51925cab7631a6e87086621c431ea594c82fa578e83
SSDEEP

6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1UF:cnLh9yn52rpUR5vHuRYpM+F

Score

10^/10

systembc trojan upx

Malware Config

Extracted

Family

systembc

C2

yan0212.com:4039

yan0212.net:4039

Targets

- Target
  
  7094b9e15f54e0a9619fe6073988ee5c
- Size
  
  209KB
- MD5
  
  7094b9e15f54e0a9619fe6073988ee5c
- SHA1
  
  5cdc7829d5acedb7f1344ff541a2f962f27f5b01
- SHA256
  
  cb92d12ebe8e036b9ebd71dcc80f9187c13bd78ad7d6f4076159c053c4cab16f
- SHA512
  
  d5b2d1550f9aa60f4d468150f12d57e37b4090e22277f90ed44962995da4815cc6089e0ee2d1af187bf4b51925cab7631a6e87086621c431ea594c82fa578e83
- SSDEEP
  
  6144:YDnLgI91y1UkT57iJz/DpURWPSvHuUiYphu1UF:cnLh9yn52rpUR5vHuRYpM+F
Score

10^/10

systembc trojan upx
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2 behavioral3 behavioral4
- Target
  
  out.upx
- Size
  
  1.0MB
- MD5
  
  86b56f37e12c0361800c2dc4a00efaad
- SHA1
  
  5a4521d1334b352cfb0abc9ea4c16dba3a683139
- SHA256
  
  f55cb3610af39d030231dc72beb53bdfa9f6fe26ff62c72e9af92059ad4b947e
- SHA512
  
  e67b7cc98a0fdbcbfa6fc1ece56f8ed25f8bb920e76d1f6bd1e997823220b19ada56a6a99e2e0b60c3ea43053ad4bec9f11b59a8c1cfebae7470a5eff8850a7d
- SSDEEP
  
  6144:D9mI/A/bpCQqR5yqL5gbqD8T/ruTEu1U7C711:D9ro/4QqLmqDC/rup+6P
Score

3^/10
behavioral5 behavioral6 behavioral7 behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembctrojanupx

behavioral2

systembctrojanupx

behavioral3

systembctrojanupx

behavioral4

systembctrojanupx

behavioral5

behavioral6

behavioral7

behavioral8