systembc | 142a2de7157729abf8612c21e0adf05cc33e9b6d479b364e2e1d4073b89c110e | Triage

Sharing

General

Target

273c816d57bb09b14ff288111decf989_JaffaCakes118
Size

237KB
Sample

240728-15419axgqp
MD5

273c816d57bb09b14ff288111decf989
SHA1

25dd5c1b710b794c0ad4d6a3f7dd17d3a01f28cd
SHA256

142a2de7157729abf8612c21e0adf05cc33e9b6d479b364e2e1d4073b89c110e
SHA512

99d69e94f27577278a2eb79f1bd9fceb25352eef64a4bb09433520491cde430aff2d842214cba34901ae36a93f710e8a6884f16881a7bc88ac0184b767fb167a
SSDEEP

3072:CAscqYX+PWywvu/cMQkCSeXIyZjcW1EOT8TpRg5oXlvDszMVsPHgh:ecfX4EHX7ZhiRVXBaf+

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

knock0909.monster:4035

knock0909.xyz:4035

Targets

- Target
  
  273c816d57bb09b14ff288111decf989_JaffaCakes118
- Size
  
  237KB
- MD5
  
  273c816d57bb09b14ff288111decf989
- SHA1
  
  25dd5c1b710b794c0ad4d6a3f7dd17d3a01f28cd
- SHA256
  
  142a2de7157729abf8612c21e0adf05cc33e9b6d479b364e2e1d4073b89c110e
- SHA512
  
  99d69e94f27577278a2eb79f1bd9fceb25352eef64a4bb09433520491cde430aff2d842214cba34901ae36a93f710e8a6884f16881a7bc88ac0184b767fb167a
- SSDEEP
  
  3072:CAscqYX+PWywvu/cMQkCSeXIyZjcW1EOT8TpRg5oXlvDszMVsPHgh:ecfX4EHX7ZhiRVXBaf+
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan