systembc | 64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a | Triage

Resubmissions

13-11-2024 14:15

241113-rkm3kasphs 10

22-08-2024 04:20

240822-eygfqayaqg 10

Sharing

General

Target

64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a
Size

924KB
Sample

241113-rkm3kasphs
MD5

de64bb0f39113e48a8499d3401461cf8
SHA1

8d78c2d4701e4596e87e3f09adde214a2a2033e8
SHA256

64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a
SHA512

35b7cdcfb866dcdc79be34066a9ad5a8058b80e68925aeb23708606149841022de17e9d205389c13803c01e356174a2f657773df7d53f889e4e1fc1d68074179
SSDEEP

24576:NAHFp2K15zXnjfQb6+jFb5RIAJTOcA4gnPdCPPd7wm:WHf15zM5JbtA4wPdCnd75

Score

10^/10

systembc discovery persistence trojan

Malware Config

Extracted

Family

systembc

C2

claywyaeropumps.com

178.132.2.10

Attributes

dns
5.132.191.104

Targets

- Target
  
  64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a
- Size
  
  924KB
- MD5
  
  de64bb0f39113e48a8499d3401461cf8
- SHA1
  
  8d78c2d4701e4596e87e3f09adde214a2a2033e8
- SHA256
  
  64b58794801f282e92571676e3571afc5c59033c262406bf0d36e1d6ef3cda6a
- SHA512
  
  35b7cdcfb866dcdc79be34066a9ad5a8058b80e68925aeb23708606149841022de17e9d205389c13803c01e356174a2f657773df7d53f889e4e1fc1d68074179
- SSDEEP
  
  24576:NAHFp2K15zXnjfQb6+jFb5RIAJTOcA4gnPdCPPd7wm:WHf15zM5JbtA4wPdCnd75
Score

10^/10

systembc discovery persistence trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- SystemBC
  SystemBC is a proxy and remote administration tool first seen in 2019.
  trojan systembc
- Systembc family
  systembc
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

systembcdiscoverypersistencetrojan