systembc | e86c00bb96428b8c113169da2c996f457ed22467c5ad998e87bb48b65e98ab36 | Triage

Submit
Reports

Overview

overview

Static

static

3

bb0a1a5209...18.exe

windows7-x64

bb0a1a5209...18.exe

windows10-2004-x64

Sharing

General

Target

bb0a1a5209fd48e63807b1ba15d6bb69_JaffaCakes118
Size

345KB
Sample

240823-kmqsxathra
MD5

bb0a1a5209fd48e63807b1ba15d6bb69
SHA1

d3170be1c5ae8e2a24cad223c63f382bd796ceb1
SHA256

e86c00bb96428b8c113169da2c996f457ed22467c5ad998e87bb48b65e98ab36
SHA512

d238e9ddece294a5e6edff0fdb372a0433a3bf6f3f64015ac673149a7f59bc3233c1c0874fe5f1387d7a385a52d031e2253e86e58b3384c59f7689d8ac7ea4fd
SSDEEP

6144:aQ6Xl1NFXVdTUMJwA9yLbTMhdbr2X3f+gOkXdhFr:aQwlV8A9yL/iV2XWgO8hFr

Score

10^/10

systembc discovery trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bb0a1a5209fd48e63807b1ba15d6bb69_JaffaCakes118.exe

Resource

win7-20240708-en

systembc discovery trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

bb0a1a5209fd48e63807b1ba15d6bb69_JaffaCakes118.exe

Resource

win10v2004-20240802-en

systembc discovery trojan

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

systembc

C2

knock0909.monster:4035

knock0909.xyz:4035

Targets

- Target
  
  bb0a1a5209fd48e63807b1ba15d6bb69_JaffaCakes118
- Size
  
  345KB
- MD5
  
  bb0a1a5209fd48e63807b1ba15d6bb69
- SHA1
  
  d3170be1c5ae8e2a24cad223c63f382bd796ceb1
- SHA256
  
  e86c00bb96428b8c113169da2c996f457ed22467c5ad998e87bb48b65e98ab36
- SHA512
  
  d238e9ddece294a5e6edff0fdb372a0433a3bf6f3f64015ac673149a7f59bc3233c1c0874fe5f1387d7a385a52d031e2253e86e58b3384c59f7689d8ac7ea4fd
- SSDEEP
  
  6144:aQ6Xl1NFXVdTUMJwA9yLbTMhdbr2X3f+gOkXdhFr:aQwlV8A9yL/iV2XWgO8hFr
Score

10^/10

systembc discovery trojan
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverytrojan

behavioral2

systembcdiscoverytrojan

© 2018-2024

Terms | Privacy