systembc | 58ef680ea998daa20783e3e2a2b4c871892db0100754c85f465e54bb5063cad6 | Triage

Sharing

General

Target

a1ad149a4d2a04338fd9a0d902410daf.bin
Size

335KB
Sample

240604-dvvy9sbd7v
MD5

94cb7e7e01013b778c3b77b1f2c1db6a
SHA1

cad7ed3c7381c7b7b27823a98470460c1ed3a535
SHA256

58ef680ea998daa20783e3e2a2b4c871892db0100754c85f465e54bb5063cad6
SHA512

0844385de5d213b25db0a58d793ac6482247cb22ecdecaf771958b6400ed223e3ebf1ef78bc5d03ba107afe404ecef89ff95946fa8d1323d43847ebe7a0e120e
SSDEEP

6144:WYREmHgtHsC4XF28Whh+LHBQLcnM/mw3rXx7tZ4TO2pJtMKeLvgg8AEi9hHI:NHgmCIF0HKmcnGLt/4fabLvFjpTI

Score

10^/10

systembc trojan

Malware Config

Extracted

Family

systembc

C2

cobusabobus.cam:4001

Targets

- Target
  
  6e9f1c1298419230dbc24cfe76a8d64c8094e9d1335a0cef567042b3250e565a.exe
- Size
  
  613KB
- MD5
  
  a1ad149a4d2a04338fd9a0d902410daf
- SHA1
  
  d43db08458ea4a81cd32926a402d8a5d12728a2f
- SHA256
  
  6e9f1c1298419230dbc24cfe76a8d64c8094e9d1335a0cef567042b3250e565a
- SHA512
  
  cef534d0233f47048d6b80c49c4b44570fc436b90904ea84f03c24106ecb785802c424e1241ebd70b9a85f09b77f7c0322927c57a9d65959da4a425149e04128
- SSDEEP
  
  12288:mhqxSLo5C1Ps4Xh/P58lhqxSLo5C1Ps4XhAjN81Ve:mHLmCiIhXyHLmCiIhocVe
Score

10^/10

systembc trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2