systembc | e213bfb7d5b88a2271f0967ff6ce96aeaa1d826fd12d980f35f3ff1119391ac8 | Triage

Sharing

General

Target

e213bfb7d5b88a2271f0967ff6ce96aeaa1d826fd12d980f35f3ff1119391ac8.exe
Size

1.7MB
Sample

240509-ck5kaafd55
MD5

4cd796d40813059763ce0e329f97aaa2
SHA1

e7c982c1d11145379c325c75272d37548a1fab07
SHA256

e213bfb7d5b88a2271f0967ff6ce96aeaa1d826fd12d980f35f3ff1119391ac8
SHA512

09f7e0f69ab629f0a2f408aca64d32c890ec9d7ff5bb856b19fd9dfe2f857f234ec17ca46d1d1f08a6e25b9f66c5076e94b94703f019933650ec9a71a328d69b
SSDEEP

24576:GubsnafAPyjSzIubsnafAPyjZrixzFa3VYeYDi8LzxQevGpDxCENQs3qkMfgWahN:YI4+I1ua3yHiKdhvGpDxes3Sfg7L

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

67.211.218.147:4001

Targets

- Target
  
  e213bfb7d5b88a2271f0967ff6ce96aeaa1d826fd12d980f35f3ff1119391ac8.exe
- Size
  
  1.7MB
- MD5
  
  4cd796d40813059763ce0e329f97aaa2
- SHA1
  
  e7c982c1d11145379c325c75272d37548a1fab07
- SHA256
  
  e213bfb7d5b88a2271f0967ff6ce96aeaa1d826fd12d980f35f3ff1119391ac8
- SHA512
  
  09f7e0f69ab629f0a2f408aca64d32c890ec9d7ff5bb856b19fd9dfe2f857f234ec17ca46d1d1f08a6e25b9f66c5076e94b94703f019933650ec9a71a328d69b
- SSDEEP
  
  24576:GubsnafAPyjSzIubsnafAPyjZrixzFa3VYeYDi8LzxQevGpDxCENQs3qkMfgWahN:YI4+I1ua3yHiKdhvGpDxes3Sfg7L
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2