systembc | 8ce327334abede64885facae9947ed77c289b146a048463b1872cd6ca078ff6d | Triage

Sharing

General

Target

1fb985f8e316e1efbc23123f8a75da19_JaffaCakes118
Size

132KB
Sample

240507-g41snacg4t
MD5

1fb985f8e316e1efbc23123f8a75da19
SHA1

74028f28064466a0ee20cf91866a877a0a20fe7b
SHA256

8ce327334abede64885facae9947ed77c289b146a048463b1872cd6ca078ff6d
SHA512

af19003bf8a5a6995def525cfeb88e638569faecefdb9dc6c617a9390868f2dab847ac79fd24ad3032f889ebc6ae660f4e2af6519df85b39381abe7cb69fe6e4
SSDEEP

3072:z05vEU3/QOfTW1SrRwPXfgXCg9COPMypuCST4/T4jMbLyXq:4mUHGOUTCSTt2gq

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

spacestat7.xyz:4044

femstat8.xyz:4044

Targets

- Target
  
  1fb985f8e316e1efbc23123f8a75da19_JaffaCakes118
- Size
  
  132KB
- MD5
  
  1fb985f8e316e1efbc23123f8a75da19
- SHA1
  
  74028f28064466a0ee20cf91866a877a0a20fe7b
- SHA256
  
  8ce327334abede64885facae9947ed77c289b146a048463b1872cd6ca078ff6d
- SHA512
  
  af19003bf8a5a6995def525cfeb88e638569faecefdb9dc6c617a9390868f2dab847ac79fd24ad3032f889ebc6ae660f4e2af6519df85b39381abe7cb69fe6e4
- SSDEEP
  
  3072:z05vEU3/QOfTW1SrRwPXfgXCg9COPMypuCST4/T4jMbLyXq:4mUHGOUTCSTt2gq
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2