General

  • Target

    8cea9bc30046ce76a8d9d211206b9197_JaffaCakes118

  • Size

    2.2MB

  • Sample

    240602-fb7j3abh95

  • MD5

    8cea9bc30046ce76a8d9d211206b9197

  • SHA1

    408b79f4b244be9e288efe7185dc915aaf4a9cbc

  • SHA256

    a8bf7dbcfe29c3c9c0bed1be3cd9cc2935e2bf60313c5721e37fbad5048f67c6

  • SHA512

    95d2b4117ec60f1b0d1611e742da358d77e1488a66e5f87105bb0b1e71ba016e3e153769d51701a47bd8ca85ada38150ee50e7edfc77e1a352a867399d27dcae

  • SSDEEP

    24576:gUHmsocCmYbx4wLMR+OXY0WvY0WvY0WvY0WvY0WvY0WvY0WvY0WPY0WvY0WvY0WI:xGkYbx4wLMR+d7c

Score
10/10

Malware Config

Extracted

Family

systembc

C2

spexblog17.xyz:4044

admstat45.xyz:4044

Targets

    • SystemBC

      SystemBC is a proxy and remote administration tool first seen in 2019.

    • Executes dropped EXE

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Drops file in System32 directory
