systembc | f0562d49226fc4776a7991b14f43b2c7a572ae276adef3d3dc3678b8b0894401 | Triage

Sharing

General

Target

2f3ce115601d43d540c57e679259f105_JaffaCakes118
Size

346KB
Sample

240729-bcn2wsygje
MD5

2f3ce115601d43d540c57e679259f105
SHA1

79e728592ee89467d88a5c684b93002febcd7e4f
SHA256

f0562d49226fc4776a7991b14f43b2c7a572ae276adef3d3dc3678b8b0894401
SHA512

397f86996de981fe1526b4ce62dab7898b8112517901dffb75e183e612be83ae677d10bf3be41904ce3cb9375460e6479625368fe637fb1d789257d57e1f0cfb
SSDEEP

6144:QXX4Z20mfZDHwMznP9pTz8qv2peSg1Odbr2X3f+gOkXdhFr:Qn4xu5P9p8q+0hOV2XWgO8hFr

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

knock0909.monster:4035

knock0909.xyz:4035

Targets

- Target
  
  2f3ce115601d43d540c57e679259f105_JaffaCakes118
- Size
  
  346KB
- MD5
  
  2f3ce115601d43d540c57e679259f105
- SHA1
  
  79e728592ee89467d88a5c684b93002febcd7e4f
- SHA256
  
  f0562d49226fc4776a7991b14f43b2c7a572ae276adef3d3dc3678b8b0894401
- SHA512
  
  397f86996de981fe1526b4ce62dab7898b8112517901dffb75e183e612be83ae677d10bf3be41904ce3cb9375460e6479625368fe637fb1d789257d57e1f0cfb
- SSDEEP
  
  6144:QXX4Z20mfZDHwMznP9pTz8qv2peSg1Odbr2X3f+gOkXdhFr:Qn4xu5P9p8q+0hOV2XWgO8hFr
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan