systembc

Sharing

Copy URL

Twitter E-mail

General

Target

6e9f1c1298419230dbc24cfe76a8d64c8094e9d1335a0cef567042b3250e565a
Size

613KB
Sample

240603-f9yd2sdc9s
MD5

a1ad149a4d2a04338fd9a0d902410daf
SHA1

d43db08458ea4a81cd32926a402d8a5d12728a2f
SHA256

6e9f1c1298419230dbc24cfe76a8d64c8094e9d1335a0cef567042b3250e565a
SHA512

cef534d0233f47048d6b80c49c4b44570fc436b90904ea84f03c24106ecb785802c424e1241ebd70b9a85f09b77f7c0322927c57a9d65959da4a425149e04128
SSDEEP

12288:mhqxSLo5C1Ps4Xh/P58lhqxSLo5C1Ps4XhAjN81Ve:mHLmCiIhXyHLmCiIhocVe

Score

10^/10

systembc trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.nifty.ne.jp
Port:
587
Username:
[email protected]
Password:
s5zb42ve

Extracted

Credentials

Protocol: smtp
Host:
smtp.mydurango.net
Port:
587
Username:
[email protected]
Password:
jaybird

Extracted

Credentials

Protocol: smtp
Host:
mx.tamercekici.info
Port:
587
Username:
[email protected]
Password:
Emftjfj

Extracted

Credentials

Protocol: smtp
Host:
mail.amigo2.ne.jp
Port:
587
Username:
[email protected]
Password:
k49n8ofs

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
Harkins1153!

Extracted

Credentials

Protocol: smtp
Host:
mbn.nifty.com
Port:
587
Username:
[email protected]
Password:
MARUHI28

Extracted

Credentials

Protocol: smtp
Host:
smtp.tg.commufa.jp
Port:
587
Username:
[email protected]
Password:
19670417

Extracted

Credentials

Protocol: smtp
Host:
mx.rizet.in
Port:
587
Username:
[email protected]
Password:
267914Da0d783060091eedce48339

Extracted

Credentials

Protocol: smtp
Host:
mx.abcnetworkingu.pl
Port:
587
Username:
[email protected]

Extracted

Family

systembc

cobusabobus.cam:4001

Extracted

Credentials

Protocol: smtp
Host:
smtp.jcom.zaq.ne.jp
Port:
587
Username:
[email protected]
Password:
itokin0705

Extracted

Credentials

Protocol: smtp
Host:
mail.hicat.ne.jp
Port:
587
Username:
[email protected]
Password:
vhsw2rnh##

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
Mutt865me993

Extracted

Credentials

Protocol: smtp
Host:
smtp.nifty.ne.jp
Port:
587
Username:
[email protected]
Password:
pajero12

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontiernet.net
Port:
587
Username:
[email protected]
Password:
baker

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
drillsgtd3

Extracted

Credentials

Protocol: smtp
Host:
mail.chollian.net
Port:
587
Username:
[email protected]
Password:
imageman

Extracted

Credentials

Protocol: smtp
Host:
smtp.frontier.com
Port:
587
Username:
[email protected]
Password:
bubbles

Targets

- Target
  
  6e9f1c1298419230dbc24cfe76a8d64c8094e9d1335a0cef567042b3250e565a
- Size
  
  613KB
- MD5
  
  a1ad149a4d2a04338fd9a0d902410daf
- SHA1
  
  d43db08458ea4a81cd32926a402d8a5d12728a2f
- SHA256
  
  6e9f1c1298419230dbc24cfe76a8d64c8094e9d1335a0cef567042b3250e565a
- SHA512
  
  cef534d0233f47048d6b80c49c4b44570fc436b90904ea84f03c24106ecb785802c424e1241ebd70b9a85f09b77f7c0322927c57a9d65959da4a425149e04128
- SSDEEP
  
  12288:mhqxSLo5C1Ps4Xh/P58lhqxSLo5C1Ps4XhAjN81Ve:mHLmCiIhXyHLmCiIhocVe
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2