systembc | a28ddf7248cb96a79b5b4b4d942dbdcffb3f81ced96f2810a1718ebd90eb6000 | Triage

Sharing

General

Target

9e621faf9f9d751999f1193c02ca5577_JaffaCakes118
Size

472KB
Sample

240816-pswcssvcph
MD5

9e621faf9f9d751999f1193c02ca5577
SHA1

9fa5239819f052bac418c0c6be4d93530ab6439d
SHA256

a28ddf7248cb96a79b5b4b4d942dbdcffb3f81ced96f2810a1718ebd90eb6000
SHA512

68ff72eadd0a8df27a6a3d1e89bb27026140687a6dd0d94dbd53ccfba3f8a26721347cc410234d4b7ae63796bfec582332fbd01d50685d2e302f3b0d3a96c503
SSDEEP

12288:/y50zvBXPNefIIjliHmgtX8ujE6kpfjBzHTChE:o0GvinIDfjxz4

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

paladin5.com

Attributes

dns
5.132.191.104

ns1.vic.au.dns.opennic.glue

ns2.vic.au.dns.opennic.glue

Targets

- Target
  
  9e621faf9f9d751999f1193c02ca5577_JaffaCakes118
- Size
  
  472KB
- MD5
  
  9e621faf9f9d751999f1193c02ca5577
- SHA1
  
  9fa5239819f052bac418c0c6be4d93530ab6439d
- SHA256
  
  a28ddf7248cb96a79b5b4b4d942dbdcffb3f81ced96f2810a1718ebd90eb6000
- SHA512
  
  68ff72eadd0a8df27a6a3d1e89bb27026140687a6dd0d94dbd53ccfba3f8a26721347cc410234d4b7ae63796bfec582332fbd01d50685d2e302f3b0d3a96c503
- SSDEEP
  
  12288:/y50zvBXPNefIIjliHmgtX8ujE6kpfjBzHTChE:o0GvinIDfjxz4
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan