systembc | 5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a | Triage

Sharing

General

Target

72cfa33b978294103889481feca472f2_JaffaCakes118
Size

222KB
Sample

240730-q9shxawhrh
MD5

72cfa33b978294103889481feca472f2
SHA1

0615eb31fd67345b9fa0d57d12a3bcb363152abe
SHA256

5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a
SHA512

d1de5fee23b7a858ec62b849cd8a41cf896ab8b6df4836c65ba36942c1d1727b36832d45713a578c93e8a0b8650bf55923568637d91bb9b2196257a2ae015559
SSDEEP

3072:m04yjyyUD1HncBNyBNp5oEug4OkyJAQF1G8Xrrw+cC+lJDJEQkjvuMM:SR1HUUPCEZ4OkyJ9rrw+cZTuZSMM

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

fanstat18.club:4044

dexblog90.club:4044

Targets

- Target
  
  72cfa33b978294103889481feca472f2_JaffaCakes118
- Size
  
  222KB
- MD5
  
  72cfa33b978294103889481feca472f2
- SHA1
  
  0615eb31fd67345b9fa0d57d12a3bcb363152abe
- SHA256
  
  5d366decba2f9078f457cb35fe7bfd198760683a709f0d33745fc6e0ba59ac8a
- SHA512
  
  d1de5fee23b7a858ec62b849cd8a41cf896ab8b6df4836c65ba36942c1d1727b36832d45713a578c93e8a0b8650bf55923568637d91bb9b2196257a2ae015559
- SSDEEP
  
  3072:m04yjyyUD1HncBNyBNp5oEug4OkyJAQF1G8Xrrw+cC+lJDJEQkjvuMM:SR1HUUPCEZ4OkyJ9rrw+cZTuZSMM
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan