systembc | dba174d5ff22c6f4b3969a5dfd3dd66026a4f60d6ec73f5105c312f66ec2a6af | Triage

Sharing

General

Target

55b4e7ffb50c61e3f44b6af2f360f8b6_JaffaCakes118
Size

236KB
Sample

240729-v4je9s1dpm
MD5

55b4e7ffb50c61e3f44b6af2f360f8b6
SHA1

b0760a08794565ef5f03512ead50ec6ca2f0ca40
SHA256

dba174d5ff22c6f4b3969a5dfd3dd66026a4f60d6ec73f5105c312f66ec2a6af
SHA512

879fd56dcb0c74cb316e411474ea5e134ad819d19f0b1288941756fb47a6da9ce88ad3a5abac54ba86a0cab1de7fc41ffe05faa3e0f05623d8f5c74d18d7e2fd
SSDEEP

3072:Y8AZJhoX+SWywcu/cSQsUwSz508dMW8dEONo3C5eeFJ1kgEb5VsPHgh:YZJeXNFpz5ri7W31eFJQbof+

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

knock0909.monster:4035

knock0909.xyz:4035

Targets

- Target
  
  55b4e7ffb50c61e3f44b6af2f360f8b6_JaffaCakes118
- Size
  
  236KB
- MD5
  
  55b4e7ffb50c61e3f44b6af2f360f8b6
- SHA1
  
  b0760a08794565ef5f03512ead50ec6ca2f0ca40
- SHA256
  
  dba174d5ff22c6f4b3969a5dfd3dd66026a4f60d6ec73f5105c312f66ec2a6af
- SHA512
  
  879fd56dcb0c74cb316e411474ea5e134ad819d19f0b1288941756fb47a6da9ce88ad3a5abac54ba86a0cab1de7fc41ffe05faa3e0f05623d8f5c74d18d7e2fd
- SSDEEP
  
  3072:Y8AZJhoX+SWywcu/cSQsUwSz508dMW8dEONo3C5eeFJ1kgEb5VsPHgh:YZJeXNFpz5ri7W31eFJQbof+
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan