systembc | 2becd96e38316309a80434b66df8a932bf57f70c66118860d9510758c281e06f | Triage

Sharing

General

Target

4c94136171542215949f50f67e5f34f2_JaffaCakes118
Size

168KB
Sample

240729-rzj98asgqm
MD5

4c94136171542215949f50f67e5f34f2
SHA1

101a5a5afe5b902af9050bef2d2ddd5e54f54448
SHA256

2becd96e38316309a80434b66df8a932bf57f70c66118860d9510758c281e06f
SHA512

7fabc5cad68035586766e7e8243d232fcbdcb5b18dee2c303c23797d8f439047031c11b875121e19023115a76b66939d11e6366a64e5037bfc64ec011cf57782
SSDEEP

3072:JfN7Cjt27vt+Ma/ljphLMzBiKjILzyMatMZ2XefeN:T7CK/Cth4znszXaPHN

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

knock0909.monster:4035

knock0909.xyz:4035

Targets

- Target
  
  4c94136171542215949f50f67e5f34f2_JaffaCakes118
- Size
  
  168KB
- MD5
  
  4c94136171542215949f50f67e5f34f2
- SHA1
  
  101a5a5afe5b902af9050bef2d2ddd5e54f54448
- SHA256
  
  2becd96e38316309a80434b66df8a932bf57f70c66118860d9510758c281e06f
- SHA512
  
  7fabc5cad68035586766e7e8243d232fcbdcb5b18dee2c303c23797d8f439047031c11b875121e19023115a76b66939d11e6366a64e5037bfc64ec011cf57782
- SSDEEP
  
  3072:JfN7Cjt27vt+Ma/ljphLMzBiKjILzyMatMZ2XefeN:T7CK/Cth4znszXaPHN
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan