systembc | e5506d058204729a5126b16e5984840c681df000f034602cf2fba314f327f5f1 | Triage

Sharing

General

Target

d031aae0c4b488067297beb2dc26460f.bin
Size

372KB
Sample

240518-dnxvaahe38
MD5

fe45562c99cabc0aba6cd0224ebf9adb
SHA1

29dd5debe6c3242b7490d1636730e745055448ad
SHA256

e5506d058204729a5126b16e5984840c681df000f034602cf2fba314f327f5f1
SHA512

dcda28e5c39da0cc63cfa7d26a97e8955c4731b3cf2ef49266aab3018e1fd6b7d58afbbf31aa6ff5f799e74083fe510ba14ffec72c21f9636e72a6c1c7a55294
SSDEEP

6144:UUHMINRTZ4qItsyX3yLsbmvIhSF2okrfH6y2ls8fzP5Sh01QsNowBQnO46U:PHxRTZcXzQ2ok6JfzBShNsNov6U

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

cobusabobus.cam:4001

Targets

- Target
  
  cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15.exe
- Size
  
  662KB
- MD5
  
  d031aae0c4b488067297beb2dc26460f
- SHA1
  
  7a2fa90c458468651846532d2876eefc7fe15ea2
- SHA256
  
  cf1c390eeb26fbff647586a1a05e4fe11957af00a4098258e841e18a1d421f15
- SHA512
  
  4c7538977edf03602b9b4c29acf4e428850a46cfd9bb448dbc39277d75b4536977baa3c0f370ec2065a837af49d049be14a0fd936b06955dcfb352d6ce3ab3d0
- SSDEEP
  
  12288:GubsNSOetfARQAPyGUu7zhubsNSOetfARQAPyGUfT+tkrnC/bv8:GubsnafAPyjSzhubsnafAPyjZrnEL8
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2