systembc | d1a0998e382046ff7f4c05dcbb784517e7ef7dd741760e25d11388d93f1e82b4 | Triage

Sharing

General

Target

d1a0998e382046ff7f4c05dcbb784517e7ef7dd741760e25d11388d93f1e82b4
Size

2.2MB
Sample

240607-b5xjqsfe7z
MD5

b60887355bbdd18f8b94fa77e01d58ab
SHA1

b634b88eca4a5d29bdd8eb6c5ac98efa51423ed3
SHA256

d1a0998e382046ff7f4c05dcbb784517e7ef7dd741760e25d11388d93f1e82b4
SHA512

e6fc0c4ea01461a762f929c828fcd985a3aed701a3546c2ab8e18331d81066082d39d3a869c050c5f0404f3f8f994b11c89a1cca8f0c63754694f302e685e715
SSDEEP

49152:jvKFuKXLEmpRoMPRUzRySYWmdEsGVEQlYa5MbiojYKDnSukXyqrb:WFukLjpR3yRVYWmKsqojfDnvk

Score

10^/10

systembc persistence trojan

Malware Config

Extracted

Family

systembc

C2

cobusabobus.cam:4383

185.43.220.45:4383

Targets

- Target
  
  d1a0998e382046ff7f4c05dcbb784517e7ef7dd741760e25d11388d93f1e82b4
- Size
  
  2.2MB
- MD5
  
  b60887355bbdd18f8b94fa77e01d58ab
- SHA1
  
  b634b88eca4a5d29bdd8eb6c5ac98efa51423ed3
- SHA256
  
  d1a0998e382046ff7f4c05dcbb784517e7ef7dd741760e25d11388d93f1e82b4
- SHA512
  
  e6fc0c4ea01461a762f929c828fcd985a3aed701a3546c2ab8e18331d81066082d39d3a869c050c5f0404f3f8f994b11c89a1cca8f0c63754694f302e685e715
- SSDEEP
  
  49152:jvKFuKXLEmpRoMPRUzRySYWmdEsGVEQlYa5MbiojYKDnSukXyqrb:WFukLjpR3yRVYWmKsqojfDnvk
Score

10^/10

systembc persistence trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcpersistencetrojan

behavioral2

systembcpersistencetrojan