systembc | 8ceee34b010701c3745db2e9868c68902440d951d7c2dbe383ee2c25d5aa20dc | Triage

Sharing

General

Target

a2d724e306338577a5896594950d41a5_JaffaCakes118
Size

335KB
Sample

240817-rfv8dasdrn
MD5

a2d724e306338577a5896594950d41a5
SHA1

7914ac4f3911cd4ea2aa15546a6f14cabe89b55d
SHA256

8ceee34b010701c3745db2e9868c68902440d951d7c2dbe383ee2c25d5aa20dc
SHA512

af91fbca78e583ff5a9cc211b154fb5043918fde3d8b0e93e22d9b08e0d0e05ce03bb8e7b7c62a1ac07e2d7b85332badedd03bd681c05dfb0de6e79e2c616526
SSDEEP

6144:rUpXdMEe7VdlxQ/0C7WBCgs0Wkadbr2X3f+gOkXdhF3:rUddkjlk1WBz0kaV2XWgO8hF3

Score

10^/10

systembc discovery trojan

Malware Config

Extracted

Family

systembc

C2

knock0909.monster:4035

knock0909.xyz:4035

Targets

- Target
  
  a2d724e306338577a5896594950d41a5_JaffaCakes118
- Size
  
  335KB
- MD5
  
  a2d724e306338577a5896594950d41a5
- SHA1
  
  7914ac4f3911cd4ea2aa15546a6f14cabe89b55d
- SHA256
  
  8ceee34b010701c3745db2e9868c68902440d951d7c2dbe383ee2c25d5aa20dc
- SHA512
  
  af91fbca78e583ff5a9cc211b154fb5043918fde3d8b0e93e22d9b08e0d0e05ce03bb8e7b7c62a1ac07e2d7b85332badedd03bd681c05dfb0de6e79e2c616526
- SSDEEP
  
  6144:rUpXdMEe7VdlxQ/0C7WBCgs0Wkadbr2X3f+gOkXdhF3:rUddkjlk1WBz0kaV2XWgO8hF3
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan