systembc | cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15 | Triage

Sharing

General

Target

cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15.exe
Size

662KB
Sample

240517-cdrpvacd72
MD5

d031aae0c4b488067297beb2dc26460f
SHA1

7a2fa90c458468651846532d2876eefc7fe15ea2
SHA256

cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15
SHA512

4c7538977edf03602b9b4c29acf4e428850a46cfd9bb448dbc39277d75b4536977baa3c0f370ec2065a837af49d049be14a0fd936b06955dcfb352d6ce3ab3d0
SSDEEP

12288:GubsNSOetfARQAPyGUu7zhubsNSOetfARQAPyGUfT+tkrnC/bv8:GubsnafAPyjSzhubsnafAPyjZrnEL8

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

cobusabobus.cam:4001

Targets

- Target
  
  cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15.exe
- Size
  
  662KB
- MD5
  
  d031aae0c4b488067297beb2dc26460f
- SHA1
  
  7a2fa90c458468651846532d2876eefc7fe15ea2
- SHA256
  
  cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15
- SHA512
  
  4c7538977edf03602b9b4c29acf4e428850a46cfd9bb448dbc39277d75b4536977baa3c0f370ec2065a837af49d049be14a0fd936b06955dcfb352d6ce3ab3d0
- SSDEEP
  
  12288:GubsNSOetfARQAPyGUu7zhubsNSOetfARQAPyGUfT+tkrnC/bv8:GubsnafAPyjSzhubsnafAPyjZrnEL8
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2