systembc | fe9c809037f44ae90bb094ab94481e3cfc42d286ce90eb1e4e19e44268537424 | Triage

Sharing

General

Target

3a1fd8df0d5c55c3a72c86819f6a0679_JaffaCakes118
Size

168KB
Sample

240729-gk582azdrc
MD5

3a1fd8df0d5c55c3a72c86819f6a0679
SHA1

1ee6d5be78509a0ccaf7194d9eee36f12d6e8ea4
SHA256

fe9c809037f44ae90bb094ab94481e3cfc42d286ce90eb1e4e19e44268537424
SHA512

5d4e7eef1a4e5c3f498d4e24dc53566b8357d0e7b05eeef01449f8a9be2eed72822dfcd9190a3b1d90056522cbc5a1961e5e5f039e6ff19cc62fb9d97c5e7e0b
SSDEEP

3072:F6N7CSt27vt+Ma/lDphLMzPpoVVqQ2rMo/XTpQXpfWXk:07CD/CNh4zCVN2rMWjesX

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

knock0909.monster:4035

knock0909.xyz:4035

Targets

- Target
  
  3a1fd8df0d5c55c3a72c86819f6a0679_JaffaCakes118
- Size
  
  168KB
- MD5
  
  3a1fd8df0d5c55c3a72c86819f6a0679
- SHA1
  
  1ee6d5be78509a0ccaf7194d9eee36f12d6e8ea4
- SHA256
  
  fe9c809037f44ae90bb094ab94481e3cfc42d286ce90eb1e4e19e44268537424
- SHA512
  
  5d4e7eef1a4e5c3f498d4e24dc53566b8357d0e7b05eeef01449f8a9be2eed72822dfcd9190a3b1d90056522cbc5a1961e5e5f039e6ff19cc62fb9d97c5e7e0b
- SSDEEP
  
  3072:F6N7CSt27vt+Ma/lDphLMzPpoVVqQ2rMo/XTpQXpfWXk:07CD/CNh4zCVN2rMWjesX
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan